Analysis
-
max time kernel
82s -
max time network
135s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
12-08-2021 13:49
General
-
Target
a9dd9b9eff47af724436e2abdcd5ce6c.exe.dll
-
Size
485KB
-
MD5
a9dd9b9eff47af724436e2abdcd5ce6c
-
SHA1
1a9c9258f0345f5edddd933a7bd15ec42be51f8e
-
SHA256
cdaca5b6aabd92a7b782c2d7b250cbc1b2ed4c5a78091271f788d58dedcd94f6
-
SHA512
28af95d398c6311bd593489019be39a23218d64d5236f765c4ecadf43bff07f0ab2aea10413ad7390e3805b09921cdd6c33db734023a6b91a1735125793aea52
Malware Config
Extracted
zloader
vasja
vasja
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\a9dd9b9eff47af724436e2abdcd5ce6c.exe.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\a9dd9b9eff47af724436e2abdcd5ce6c.exe.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2644-114-0x0000000000000000-mapping.dmp
-
memory/2644-115-0x00000000006E0000-0x00000000006E1000-memory.dmpFilesize
4KB
-
memory/2644-116-0x0000000010000000-0x0000000010129000-memory.dmpFilesize
1.2MB