Resubmissions
24-01-2024 08:17  240124-j6t41adgg8  score 10
24-01-2024 07:52  240124-jqd3vadcfj  score 10
23-01-2024 11:54  240123-n28ttaafc8  score 10
24-06-2020 13:13  200624-qjwbdtfea2  score 10

Analysis
max time kernel: 949s
max time network: 953s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 23-01-2024 11:54
Static task: static1
Behavioral task: behavioral1
Sample: june23.dll
Resource: win7-20231215-en
General
Target: june23.dll
Size: 383KB
MD5: 7e889962ed9651933c46faa6f7b5ab6d
SHA1: 015639fe2a6af8d9205e0fb36226c9d134b49fd8
SHA256: a51d5fe8c5f9ea9c4af866b7b6669845433934e4b4528995a3ac1702e7002c0e
SHA512: 914e07996a14bd4499b91333ab0de65748e5617d543dd0eff3a269d24a542f15cbe1dca7be618843c0d7fb60dcaf96e20e5de95ac2989dc48850ab1a10aa8ff2
SSDEEP: 6144:0855ylon+ZoU2BrVjEv1Ah4voE4JDU20IRqTMjREIx6a:0mgllw9FmAhjxU2rRr6
Malware Config
Extracted
Family: zloader
june23
june
http://snnmnkxdhflwgthqismb.com/web/post.php
http://nlbmfsyplohyaicmxhum.com/web/post.php
http://softwareserviceupdater1.com/web/post.php
http://softwareserviceupdater2.com/web/post.php
build_id: 7
Signatures

Suspicious use of SetThreadContext (1 IoC)
description                          | pid  | Process      | procid_target
PID 2188 set thread context of 1836  | 2188 | rundll32.exe | 31

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description               | pid  | Process
Token: SeSecurityPrivilege | 1836 | msiexec.exe
Token: SeSecurityPrivilege | 1836 | msiexec.exe

Suspicious use of WriteProcessMemory (16 IoCs)
description                        | pid  | Process      | procid_target
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2624 wrote to memory of 2188   | 2624 | rundll32.exe | 28
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
PID 2188 wrote to memory of 1836   | 2188 | rundll32.exe | 31
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\june23.dll,#1
  PID: 2624
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\june23.dll,#1
    PID: 2188
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\msiexec.exe
      Command line: msiexec.exe
      PID: 1836
      - Suspicious use of AdjustPrivilegeToken