Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 07-05-2021 18:38

Static task: static1
Behavioral task: behavioral1
- Sample: beed23c8b32850c8f45228c22c8b036d.dll
- Resource: win7v20210410
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: beed23c8b32850c8f45228c22c8b036d.dll
- Size: 118KB
- MD5: beed23c8b32850c8f45228c22c8b036d
- SHA1: 1b002110ca216433834fac4ddcbf5ec32e86f59c
- SHA256: 9e28e8d663048328cf77a9c78fb97b5037510d07b737ca0ee10065bb8bab1fd8
- SHA512: 16a62f45b7cc5d048080e2c9ea9cc43c0429bd090b4e8e3afcb9aa4ab747a1dfba8f7eeaaedbfe03b0e12ff15e497d63a0becd98eccce4c8a389cd06e952ec2c
Malware Config
Extracted
- Family: gozi_ifsb
- Attributes:
  - build: 250187
  - exe_type: loader
  - rsa_pubkey.base64
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes (7 identical entries):
description | pid | process | target process
PID 1080 wrote to memory of 2012 | 1080 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\beed23c8b32850c8f45228c22c8b036d.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\beed23c8b32850c8f45228c22c8b036d.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/2012-59-0x0000000000000000-mapping.dmp
- memory/2012-60-0x0000000075281000-0x0000000075283000-memory.dmp (Filesize: 8KB)
- memory/2012-61-0x0000000000140000-0x0000000000160000-memory.dmp (Filesize: 128KB)
- memory/2012-62-0x0000000010000000-0x0000000010020000-memory.dmp (Filesize: 128KB)