Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 21-04-2021 09:06

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 27851.png.dll
- Resource: win7v20210410 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: 27851.png.dll
- Size: 486KB
- MD5: 0b26191e482cf7c321efeb8d2569caac
- SHA1: 0909177f5f88f101146bb4e31202ad92ebd8e223
- SHA256: b553c5b6da9f88cfc7d00fba468abef8d2b7889f5f19b70e6c52a091f9854121
- SHA512: 169256f7cb7bfea1a151ac927b57f77d0b513038cea9232040bdec773faa3b92e4522324ab62ed8ea5a8c54293d0d5e1638ef01a88fbb316cd010f145bb85099
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 4460
- C2:
  - 1.microsoft.com
  - horulenuke.us
  - vorulenuke.us
Attributes
- build: 250190
- dga_base_url: constitution.org/usdeclar.txt
- dga_crc: 0x4eb7d2ca
- dga_season: 10
- dga_tlds: com, ru, org
- exe_type: loader
- server_id: 12
- rsa_pubkey.base64
- serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
    description                         pid    process        target process
    PID 1748 wrote to memory of 1976    1748   rundll32.exe   rundll32.exe
    (the same entry is recorded seven times)
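The WriteProcessMemory signature above boils down to one parent rundll32.exe (PID 1748) repeatedly writing into a child rundll32.exe (PID 1976), which is the shape of a loader injecting its payload into a second, clean instance of the same signed host binary. The following is an added example, not code from the report or from the sandbox, showing how that pattern can be picked out of event lines written in the report's own layout. The seven rundll32 lines are the ones in the signature; the explorer.exe/notepad.exe line is constructed to show a non-alerting case, and the LOLBINS set is a hypothetical allow-list for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the seven WriteProcessMemory events listed under
# "Suspicious use of WriteProcessMemory" above, in the report's own
# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>" layout,
# plus one constructed benign line that should not alert.
SAMPLE_EVENTS = """\
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 1748 wrote to memory of 1976 1748 rundll32.exe rundll32.exe
PID 500 wrote to memory of 600 500 explorer.exe notepad.exe
"""

EVENT_RE = re.compile(
    r"PID\s+(?P<src>\d+)\s+wrote to memory of\s+(?P<dst>\d+)\s+\d+\s+"
    r"(?P<src_img>\S+)\s+(?P<dst_img>\S+)"
)

# Signed Windows binaries routinely abused as hosts for injected code.
# Hypothetical allow-list for illustration; tune it to your own estate.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "regasm.exe"}


def parse_events(text):
    """Turn report lines into (src_pid, src_img, dst_pid, dst_img) tuples."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append((int(m["src"]), m["src_img"].lower(),
                           int(m["dst"]), m["dst_img"].lower()))
    return events


def detect_injection(events, min_writes=1):
    """Collapse repeated writes per (source, target) pair and score the pair.

    Cross-process writes alone are noisy; two rules mark a pair suspicious:
    both images are LOLBins, or the source writes into another instance of
    its own image (the rundll32.exe -> rundll32.exe pattern in this report).
    min_writes lets you require a minimum number of repeated writes, since
    a loader copying a payload in chunks produces several events.
    """
    counts = Counter(events)
    alerts = []
    for (src_pid, src_img, dst_pid, dst_img), n in sorted(counts.items()):
        if src_pid == dst_pid or n < min_writes:
            continue  # a process writing into itself is not injection
        reasons = []
        if src_img in LOLBINS and dst_img in LOLBINS:
            reasons.append("lolbin_to_lolbin")
        if src_img == dst_img:
            reasons.append("same_image_child")
        if reasons:
            alerts.append({
                "src_pid": src_pid, "src_img": src_img,
                "dst_pid": dst_pid, "dst_img": dst_img,
                "writes": n, "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_injection(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample above the seven identical rows collapse into a single alert with writes=7 against the 1748 -> 1976 pair; the constructed explorer.exe line produces nothing. In a real telemetry pipeline the same keying (source PID, source image, target PID, target image) is what keeps one injection from producing one alert per chunk written.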
Downloads
- memory/1976-59-0x0000000000000000-mapping.dmp
- memory/1976-60-0x00000000757E1000-0x00000000757E3000-memory.dmp (filesize 8KB)
- memory/1976-62-0x0000000074620000-0x00000000746B4000-memory.dmp (filesize 592KB)
- memory/1976-61-0x0000000074620000-0x000000007462F000-memory.dmp (filesize 60KB)
- memory/1976-63-0x00000000000B0000-0x00000000000B1000-memory.dmp (filesize 4KB)
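The dump names encode the target PID, a dump index and the virtual address range that was captured, so the list can be sanity-checked before any carving: the range length should equal the listed file size, and two dumps at the same base are the same allocation captured twice. This is an added example, not code from the report or the sandbox; the five entries are the ones listed above, and the checks on them are the author's own.

```python
import re

# Constructed sample input: the five dump names and file sizes listed under
# Downloads above (None where the report lists no size).
SAMPLE_DUMPS = [
    ("memory/1976-59-0x0000000000000000-mapping.dmp", None),
    ("memory/1976-60-0x00000000757E1000-0x00000000757E3000-memory.dmp", "8KB"),
    ("memory/1976-62-0x0000000074620000-0x00000000746B4000-memory.dmp", "592KB"),
    ("memory/1976-61-0x0000000074620000-0x000000007462F000-memory.dmp", "60KB"),
    ("memory/1976-63-0x00000000000B0000-0x00000000000B1000-memory.dmp", "4KB"),
]

# memory/<pid>-<idx>-0x<start>[-0x<end>]-<kind>.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>[a-z]+)\.dmp$"
)


def parse_dump_name(name):
    """Split a dump file name into pid, index, kind and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None  # mapping dumps carry no end
    return {
        "pid": int(m["pid"]),
        "idx": int(m["idx"]),
        "kind": m["kind"],
        "start": start,
        "end": end,
        "size": (end - start) if end is not None else None,
    }


def parse_size(label):
    """'592KB' -> 606208; the report lists sizes in 1024-byte units."""
    m = re.fullmatch(r"(\d+)KB", label)
    if not m:
        raise ValueError(f"unrecognised size label: {label}")
    return int(m[1]) * 1024


def check_sizes(dumps):
    """Return the indices of dumps whose address range disagrees with the listed size."""
    bad = []
    for name, label in dumps:
        d = parse_dump_name(name)
        if d["size"] is None or label is None:
            continue
        if d["size"] != parse_size(label):
            bad.append(d["idx"])
    return bad


def find_overlaps(dumps):
    """Return (idx_a, idx_b) pairs whose half-open address ranges overlap."""
    regions = sorted(
        (parse_dump_name(n) for n, _ in dumps if parse_dump_name(n)["end"] is not None),
        key=lambda d: d["idx"],
    )
    pairs = []
    for i, a in enumerate(regions):
        for b in regions[i + 1:]:
            if a["start"] < b["end"] and b["start"] < a["end"]:
                pairs.append((a["idx"], b["idx"]))
    return pairs


if __name__ == "__main__":
    print("size mismatches:", check_sizes(SAMPLE_DUMPS))
    print("overlapping dumps:", find_overlaps(SAMPLE_DUMPS))
```

For the listed dumps every range matches its file size and dumps 61 and 62 overlap: the 60KB region sits at the same base, 0x74620000, as the 592KB region, so they are two captures of one allocation and only the larger one needs to be carved. A mapped image is normally larger than the file it was loaded from because sections are padded out to page alignment, so a 592KB dump from a 486KB DLL is not by itself evidence of a further stage.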