Analysis
- max time kernel: 101s
- max time network: 120s
- platform: windows7_x64
- resource: win7
- submitted: 27-10-2020 06:33
Static task: static1

Behavioral task: behavioral1
- Sample: ggf.dll
- Resource: win7
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: ggf.dll
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: ggf.dll
- Size: 667KB
- MD5: 3f4b7d537973a560df0898d821697f85
- SHA1: a811b3af1cd710cb175e27faf97a66cf51ec18af
- SHA256: bc8dc839be99fa4411ee9b7fb8e042095a324d0d1400ca1545924894ec143ec5
- SHA512: e65a94d4b4a18ac4ac2fe722e2d6098f9b78b0d9b4f702977e2baff823f7c6b4c4a536de18c635d25662ae768efbee90b659073262196d36add52a5dec9ea498
Malware Config (Extracted)
- Family: zloader
- Botnet: dll26
- Campaign: dll26
- C2: https://eecakesconf.at/web982/gate.php
- rc4.plain
- rsa_pubkey.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

description                        | pid  | process      | target process
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1844   | 1084 | rundll32.exe | rundll32.exe
Downloads
- memory/1596-2-0x00000000000C0000-0x00000000000C1000-memory.dmp (Filesize: 4KB)
- memory/1596-1-0x0000000000090000-0x00000000000B6000-memory.dmp (Filesize: 152KB)
- memory/1596-3-0x0000000000090000-0x00000000000B6000-memory.dmp (Filesize: 152KB)
- memory/1596-4-0x0000000000000000-mapping.dmp
- memory/1844-0-0x0000000000000000-mapping.dmp