zloader | 89e7621123c613d82aadfe6defded7f2816a7add36a7ef1576c08206c84fc90d

Analysis

max time kernel
554s
max time network
557s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09-04-2024 15:57

Target

JoltBeacon.dll
Size

170KB
MD5

6a6c11510e1743835c938eb1135d5f8f
SHA1

cab05283c7458cb74499772525f1eeb174ae2daa
SHA256

89e7621123c613d82aadfe6defded7f2816a7add36a7ef1576c08206c84fc90d
SHA512

149c6f5bcf6b05c40e1c040d89586b6d992bbc7c3c23ca24292caa064531f373dee1243249f803fd20abfe53621ec7816d4fdb097cc2ee63bbca209cc993ccd5
SSDEEP

3072:WGDjIrSZFEhB2oMk3pXO+4ao8eB4JP5/xemoyUuziq7:WYj3KhWmODB4//xloyUuuq

Score

10^/10

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Blocklisted process makes network request 36 IoCs

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4240 set thread context of 4084	4240	rundll32.exe	76

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 4084	4240	rundll32.exe	76
PID 4240 wrote to memory of 4084	4240	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JoltBeacon.dll,#1
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Windows\System32\msiexec.exe
  \??\C:\Windows\System32\msiexec.exe
  2⤵
  - Blocklisted process makes network request
  PID:4084

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CT02THQH\post[1].php

Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
memory/4084-10-0x0000017FF3220000-0x0000017FF3260000-memory.dmp

Filesize
256KB

Download
memory/4084-12-0x0000017FF3220000-0x0000017FF3260000-memory.dmp

Filesize
256KB

Download
memory/4084-17-0x0000017FF56A0000-0x0000017FF58A9000-memory.dmp

Filesize
2.0MB

Download
memory/4084-30-0x0000017FF3220000-0x0000017FF3260000-memory.dmp

Filesize
256KB

Download
memory/4084-33-0x0000017FF3220000-0x0000017FF3260000-memory.dmp

Filesize
256KB

Download
memory/4084-100-0x0000017FF3220000-0x0000017FF3260000-memory.dmp

Filesize
256KB

Download
memory/4084-103-0x0000017FF3220000-0x0000017FF3260000-memory.dmp

Filesize
256KB

Download
memory/4240-0-0x00000150AE420000-0x00000150AE629000-memory.dmp

Filesize
2.0MB

Download