3a4ca58b0a2e72a264466a240c6636f62b8742ffbc96ce14e2225f0e57012e96 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-en-20211014
submitted
18-10-2021 15:32

Sharing

Report Analysis Logs

General

Target

unpacked_zloader_21_10_4.dll
Size

146KB
MD5

2f5674540983bc9a2d8ceb2078fa01b6
SHA1

cc4bba83f31c2d15ebd9432e3d832a4c3de8c516
SHA256

3a4ca58b0a2e72a264466a240c6636f62b8742ffbc96ce14e2225f0e57012e96
SHA512

8582bb402dcc65e346b1e7ebf9872ea32b821b4e6c24508c44c3c3cbfbc4fc7af3b95f29db6ddc13eed6a62ea1febcf4810152f113c18577fd5fcca10d155be4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe
PID 1548 wrote to memory of 1668	1548	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\unpacked_zloader_21_10_4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\unpacked_zloader_21_10_4.dll,#1
2⤵
PID:1668

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-55-0x0000000000000000-mapping.dmp

Download
memory/1668-56-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download