Analysis
max time kernel: 117s
max time network: 139s
platform: windows7_x64
resource: win7-20231025-en
resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
submitted: 07/11/2023, 13:44
Behavioral task: behavioral1
Sample: ZinRead/ZinRead.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: ZinRead/ZinRead.exe
Resource: win10v2004-20231025-en
Behavioral task: behavioral3
Sample: ZinRead/alleg40.dll
Resource: win7-20231023-en
Behavioral task: behavioral4
Sample: ZinRead/alleg40.dll
Resource: win10v2004-20231023-en
Behavioral task: behavioral5
Sample: ZinRead/midas11.dll
Resource: win7-20231025-en
Behavioral task: behavioral6
Sample: ZinRead/midas11.dll
Resource: win10v2004-20231023-en
General
Target: ZinRead/midas11.dll
Size: 71KB
MD5: 723ec19b2bfbb500b939b528a42e93e4
SHA1: 92228abb2dd38a3dd9cc8a6f656d5dbff4791383
SHA256: 272576f512aa4a9279c094cda5d7d6fcd2fb55e33819838d781729e4de6289a2
SHA512: b5a6a5727a66ab917621bb5c47032c77e6c38a0faf022e623a269df0b039c0b8a82d8e556174c65032ce94a62394bb1363508dec07977d66c931f6ec697ac2d9
SSDEEP: 1536:dzMvu7saR9+XpLBG5F1pw/44c1A+oBs5ZI7QPOhp:CWBR96L+F1CxoAlSIQPm
Malware Config
Signatures
resource: behavioral5/memory/2340-1-0x0000000000180000-0x00000000001B1000-memory.dmp
yara_rule: upx
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28
PID 2096 wrote to memory of 2340  2096  rundll32.exe  28