Analysis
- max time kernel: 41s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 16-03-2021 06:45

Static task: static1
Behavioral task: behavioral1
- Sample: file.dll
- Resource: win7v20201028
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: file.dll
- Size: 457KB
- MD5: e57116d079e5f8532959ac73fa54211b
- SHA1: 3c4615f2200c1d01c5a1880bb1bc2c072117ddf8
- SHA256: 68c1d27603528e896c0d5cab01240c441b4cc08797faf0d4578261b824d07f82
- SHA512: 7d8d63633a053f09aaa5bd45460c2661120f49a6c5c12725ad85645d2f7c7e5b9cc6ea0b1d66d31ec8b73c506c765a37fab6ab843c2f8ef82551dcad879c9b02
Malware Config (Extracted)
- Family: gozi_ifsb
- Botnet: 5500
- C2:
  - windows.update.com
  - shop.microsoft.com
  - fraloopilo.xyz
  - paladingrazz.xyz
- Attributes:
  - build: 250177
  - dga_season: 10
  - exe_type: loader
  - server_id: 12
  - rsa_pubkey.base64
  - serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                         pid    process        target process
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 1084    1636   rundll32.exe   rundll32.exe
Downloads
- memory/1084-2-0x0000000000000000-mapping.dmp
- memory/1084-3-0x00000000761E1000-0x00000000761E3000-memory.dmp (Filesize: 8KB)
- memory/1084-4-0x0000000074B90000-0x0000000074B9F000-memory.dmp (Filesize: 60KB)
- memory/1084-5-0x00000000001F0000-0x00000000001F1000-memory.dmp (Filesize: 4KB)