Analysis
-
max time kernel
132s -
max time network
37s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
08-02-2022 22:09
General
-
Target
be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed.dll
-
Size
506KB
-
MD5
6fc31eeb82459891900975bdf5d7b789
-
SHA1
5f7717ca5a41d29859327b0341fa8246ec54a936
-
SHA256
be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed
-
SHA512
828150dfc6892ab3c6fff0d103aa0b4f4297ce24dabd48354699ad2e6e20ee1dbedc6e8b2bc45a145c91bb8196dd2be6f0a4af382524a04bb8dc0032d2821244
Malware Config
Extracted
zloader
googleaktualizacija
googleaktualizacija2
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
-
build_id
156
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1916-54-0x0000000075531000-0x0000000075533000-memory.dmpFilesize
8KB
-
memory/1916-55-0x00000000001C0000-0x000000000020B000-memory.dmpFilesize
300KB
-
memory/1916-56-0x0000000000320000-0x0000000000346000-memory.dmpFilesize
152KB