Analysis
-
max time kernel
105s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
18-04-2022 15:30
General
-
Target
69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll
-
Size
667KB
-
MD5
14329d9e980e7a427e941f7d5d71365c
-
SHA1
07ede188c7e143443eb8fcd9dfa347481b34fcc2
-
SHA256
69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c
-
SHA512
6fa538242f02dbf469a9c9ea4ddbdaa628001796b367106d711cb5a38c507badf04194d85f5c3e277ff0742c2bf1873b8e3c68afd9ade8b998ec7c7c442c8e33
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
dll26
Campaign
dll26
C2
https://eecakesconf.at/web982/gate.php
Attributes
-
build_id
7
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2004-130-0x0000000000000000-mapping.dmp
-
memory/2004-132-0x0000000074ED0000-0x0000000074F83000-memory.dmpFilesize
716KB
-
memory/2004-131-0x0000000074ED0000-0x0000000074EF6000-memory.dmpFilesize
152KB