Overview

overview

10

Static

static

10

241105-dtx...ed.zip

windows11-21h2-x64

1

0di3x.exe

windows11-21h2-x64

10

2019-09-02...10.exe

windows11-21h2-x64

10

2c01b00772...eb.exe

windows11-21h2-x64

10

31.exe

windows11-21h2-x64

10

3DMark 11 ...on.exe

windows11-21h2-x64

3

42f9729255...61.exe

windows11-21h2-x64

10

5da0116af4...18.exe

windows11-21h2-x64

5

69c56d12ed...6b.exe

windows11-21h2-x64

10

905d572f23...50.exe

windows11-21h2-x64

10

948340be97...54.exe

windows11-21h2-x64

10

95560f1a46...f9.dll

windows11-21h2-x64

3

Archive.zi...3e.exe

windows11-21h2-x64

7

DiskIntern...en.exe

windows11-21h2-x64

3

ForceOp 2....ce.exe

windows11-21h2-x64

7

HYDRA.exe

windows11-21h2-x64

10

KLwC6vii.exe

windows11-21h2-x64

1

Keygen.exe

windows11-21h2-x64

10

Lonelyscre...ox.exe

windows11-21h2-x64

3

LtHv0O2KZDK4M637.exe

windows11-21h2-x64

10

Magic_File...ja.exe

windows11-21h2-x64

3

OnlineInstaller.exe

windows11-21h2-x64

8

Remouse.Mi...cg.exe

windows11-21h2-x64

3

SecuriteIn...dE.exe

windows11-21h2-x64

10

SecuriteIn...ee.dll

windows11-21h2-x64

10

SecurityTa...up.exe

windows11-21h2-x64

4

Treasure.V...ox.exe

windows11-21h2-x64

3

VyprVPN.exe

windows11-21h2-x64

10

WSHSetup[1].exe

windows11-21h2-x64

3

Yard.dll

windows11-21h2-x64

10

b2bd3de3e5...2).exe

windows11-21h2-x64

10

Resubmissions

01/04/2025, 21:24 UTC

250401-z8184awycs 10

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/02/2025, 02:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe

  • Size

    209KB

  • MD5

    417457ac3e000697959127259c73ee46

  • SHA1

    e060125845cc1c4098f87632f453969ad9ec01ab

  • SHA256

    d74e9aa01bffcb4944742f93ad5b87d4c057f4faad008f04f7397634fe3f234d

  • SHA512

    7e2dac573db052dc03d89499d9e879bc530e94f3d1235898064aa87e99aee8fced1ac4aeeba342b77afd1480e0584a238ad7cd79cdef9c562bb89d65ba365b31

  • SSDEEP

    3072:tnwDl1lJiIPMUMEhTo6pWmuRdIDAP2Oh0oF14tO/m92B96W5ryx0d:y1DUUMETotmubnP2O314am92

Score
10/10
zloaderbotnetdiscoverytrojan

Malware Config

Signatures

  • Zloader family
    zloader
  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe
    "C:\Users\Admin\AppData\Local\Temp\b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 272
      2⤵
      • Program crash
      PID:1028
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4988 -ip 4988
    1⤵
      PID:4484

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4988-1-0x0000000003190000-0x0000000003290000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4988-2-0x0000000004E00000-0x0000000004E22000-memory.dmp

      Filesize

      136KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.