Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-en-20211014
- submitted: 18-10-2021 15:32
Static task: static1

Behavioral task: behavioral1
- Sample: unpacked_zloader_21_10_4.dll
- Resource: win7-en-20211014 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: unpacked_zloader_21_10_4.dll
- Resource: win10-en-20210920 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: unpacked_zloader_21_10_4.dll
- Size: 146KB
- MD5: 2f5674540983bc9a2d8ceb2078fa01b6
- SHA1: cc4bba83f31c2d15ebd9432e3d832a4c3de8c516
- SHA256: 3a4ca58b0a2e72a264466a240c6636f62b8742ffbc96ce14e2225f0e57012e96
- SHA512: 8582bb402dcc65e346b1e7ebf9872ea32b821b4e6c24508c44c3c3cbfbc4fc7af3b95f29db6ddc13eed6a62ea1febcf4810152f113c18577fd5fcca10d155be4

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
| PID 1548 wrote to memory of 1668 | 1548 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\unpacked_zloader_21_10_4.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\unpacked_zloader_21_10_4.dll,#12