Overview

overview

10

Static

static

3

22c1b89400...18.dll

windows7-x64

10

22c1b89400...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22c1b894002c6ffd1fdc2a75b48ddcda_JaffaCakes118.dll

  • Size

    723KB

  • MD5

    22c1b894002c6ffd1fdc2a75b48ddcda

  • SHA1

    5037543f108882d6a0d5b1907d125d40e4126e32

  • SHA256

    c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2

  • SHA512

    67fe107a5bf13fa041eed46c4477ced5fd1af826cd6fc7e5b0661f3690d1a1eeeb69973ef9ccb50c13bc38740711ad0070daaa4b23ef49c9f28c164a881c4a67

  • SSDEEP

    6144:GuPnPogxyU47hhfJHOtrfIx2yDsOyXMPfMPTPtP/PvPxPLPLPVPbPPxPTPDpP/PY:G4A8h4l1Rmr02GsOynnx9VQ

Score
10/10
zloaderbat1k3bat1k3botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k3

Campaign

bat1k3

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php
Attributes
  • build_id

    37

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\22c1b894002c6ffd1fdc2a75b48ddcda_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3196
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\22c1b894002c6ffd1fdc2a75b48ddcda_JaffaCakes118.dll,#1
      2⤵
        PID:4424
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 608
          3⤵
          • Program crash
          PID:4728
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4424 -ip 4424
      1⤵
        PID:688

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4424-0-0x0000000000E20000-0x0000000000E9C000-memory.dmp

        Filesize

        496KB

        Download

      • memory/4424-1-0x0000000000F20000-0x0000000000F4D000-memory.dmp

        Filesize

        180KB

        Download