Analysis

- max time kernel: 68s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 04-05-2021 15:30

Static task: static1
Behavioral task: behavioral1
Sample: 759e055bf47a9ce1a7fce3e3276120f3.dll
Resource: win7v20210410 (windows7_x64)
0 signatures
0 seconds
General

- Target: 759e055bf47a9ce1a7fce3e3276120f3.dll
- Size: 130KB
- MD5: 759e055bf47a9ce1a7fce3e3276120f3
- SHA1: d6de742f6caf13d4a9aa75287d041596fbcea73a
- SHA256: d8bcf8beebb5ab690b52094df6317f023f62f044e8107508d84d06d4700fe81a
- SHA512: 7bba491da19915bc7719063206b8718d061641d12d833979cc27136811b40ec1fa1ab913d3847c7068f90b2a90706bd288cb62342f62c294fc2d140f88fa1b7b
Malware Config

Extracted

- Family: gozi_ifsb
- Attributes:
  - build: 250187
  - exe_type: loader
  - rsa_pubkey.base64
Signatures

- Suspicious use of WriteProcessMemory (7 IoCs)

Processes:

  description                        pid  process       target process
  PID 788 wrote to memory of 2012    788  rundll32.exe  rundll32.exe
  (the same entry is recorded 7 times)
Processes

- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\759e055bf47a9ce1a7fce3e3276120f3.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\759e055bf47a9ce1a7fce3e3276120f3.dll,#1
Network
MITRE ATT&CK Matrix
Downloads

- memory/2012-60-0x0000000000000000-mapping.dmp
- memory/2012-61-0x0000000075551000-0x0000000075553000-memory.dmp (Filesize 8KB)
- memory/2012-62-0x00000000001C0000-0x00000000001E0000-memory.dmp (Filesize 128KB)
- memory/2012-63-0x0000000010000000-0x0000000010020000-memory.dmp (Filesize 128KB)