Analysis
- Max time kernel: 51s
- Max time network: 120s
- Platform: windows10_x64
- Resource: win10v20210408
- Submitted: 07-05-2021 18:38

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: beed23c8b32850c8f45228c22c8b036d.dll
  Resource: win7v20210410 (windows7_x64)
  Signatures: 0
  Run time: 0 seconds
General
- Target: beed23c8b32850c8f45228c22c8b036d.dll (the file is named after its own MD5)
- Size: 118KB
- MD5: beed23c8b32850c8f45228c22c8b036d
- SHA1: 1b002110ca216433834fac4ddcbf5ec32e86f59c
- SHA256: 9e28e8d663048328cf77a9c78fb97b5037510d07b737ca0ee10065bb8bab1fd8
- SHA512: 16a62f45b7cc5d048080e2c9ea9cc43c0429bd090b4e8e3afcb9aa4ab747a1dfba8f7eeaaedbfe03b0e12ff15e497d63a0becd98eccce4c8a389cd06e952ec2c
Malware Config
Extracted
- Family: gozi_ifsb (Gozi/ISFB, also tracked as Ursnif)
- Attributes:
  - build: 250187
  - exe_type: loader (this DLL is the first-stage loader, not the full client)
  - rsa_pubkey.base64 (attribute present in the extracted config; its value is not printed in this report)
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Process: rundll32.exe

  description                       pid   process        target process
  PID 708 wrote to memory of 1608   708   rundll32.exe   rundll32.exe
  PID 708 wrote to memory of 1608   708   rundll32.exe   rundll32.exe
  PID 708 wrote to memory of 1608   708   rundll32.exe   rundll32.exe

  All three writes go from the parent rundll32.exe (PID 708, the System32 copy) into the SysWOW64 rundll32.exe (PID 1608) that it spawned. A 64-bit rundll32 handed a 32-bit DLL re-launches itself from SysWOW64, and a parent writing into a child it has just created is part of ordinary process start-up (CreateProcess populates the new process's address space), so this signature on its own does not establish injection into a foreign process. The stronger indicators in this report are the export-by-ordinal call and the DLL being loaded from the user's Temp directory.
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\beed23c8b32850c8f45228c22c8b036d.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\beed23c8b32850c8f45228c22c8b036d.dll,#1

The ",#1" suffix tells rundll32 to call the DLL's export with ordinal 1 rather than a named export, which is how the sample is started when its entry point carries no usable name. The nested SysWOW64 copy with the identical command line is the 64-bit rundll32 re-executing itself as a 32-bit process, which indicates the DLL is 32-bit.
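The signature row and the process tree above can be re-derived mechanically from their flattened text. The following Python is an added example and is not part of the sandbox report or its tooling: it parses the "wrote to memory of" row and the two rundll32 command lines (both constructed from the values printed above), then applies the three checks a triage analyst would run on this evidence: is rundll32 calling a DLL export by ordinal from the user's Temp directory, is the SysWOW64 rundll32 a WoW64 re-launch of its parent with the same command line, and do any cross-process writes target a process other than the writer's own direct child. Mapping PID 708 to the System32 rundll32 and PID 1608 to the SysWOW64 one follows the signature table; the tree depths, the record types and the helper names are assumptions made for the example.

```python
"""Re-derive the report's rundll32 findings from its flattened rows.

Added example, not the sandbox's own code. The sample rows are constructed
from the values shown in the report; the PID-to-image mapping and the tree
depths are assumptions taken from the signature table."""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int  # nesting level in the process tree (1 = root)


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


DLL = r"C:\Users\Admin\AppData\Local\Temp\beed23c8b32850c8f45228c22c8b036d.dll"

# Constructed: the two rows of the report's process tree, in pre-order.
PROCESS_TREE = [
    Proc(708, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1", 1),
    Proc(1608, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1", 2),
]

# Constructed: the flattened "Suspicious use of WriteProcessMemory" row.
WRITE_ROW = (
    "PID 708 wrote to memory of 1608 708 rundll32.exe rundll32.exe "
    "PID 708 wrote to memory of 1608 708 rundll32.exe rundll32.exe "
    "PID 708 wrote to memory of 1608 708 rundll32.exe rundll32.exe"
)

# Columns: description, pid (repeats the PID in the description), process, target process.
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")
# rundll32 invoked with an export ordinal (",#N") instead of an export name.
ORDINAL_RE = re.compile(r"rundll32\.exe\s+(.+?\.dll),#(\d+)\s*$", re.IGNORECASE)


def parse_writes(row: str) -> list[MemWrite]:
    """Split the flattened signature row into one record per write."""
    return [MemWrite(int(src), int(dst), src_img, dst_img)
            for src, dst, src_img, dst_img in WRITE_RE.findall(row)]


def rundll32_ordinal_call(cmdline: str) -> tuple[str, int] | None:
    """Return (dll_path, ordinal) when rundll32 is told to call an export by ordinal."""
    m = ORDINAL_RE.search(cmdline)
    return (m.group(1), int(m.group(2))) if m else None


def in_user_temp(path: str) -> bool:
    """DLLs run out of %LOCALAPPDATA%\\Temp come from a user-writable drop location."""
    return "\\appdata\\local\\temp\\" in path.lower()


def parent_of(tree: list[Proc], proc: Proc) -> Proc | None:
    """The parent is the nearest earlier node exactly one level shallower."""
    for cand in reversed(tree[:tree.index(proc)]):
        if cand.depth == proc.depth - 1:
            return cand
    return None


def is_wow64_relaunch(tree: list[Proc], proc: Proc) -> bool:
    """A 64-bit rundll32 given a 32-bit DLL re-executes the SysWOW64 copy with the same command line."""
    parent = parent_of(tree, proc)
    return (parent is not None
            and proc.image.lower().endswith("\\syswow64\\rundll32.exe")
            and parent.image.lower().endswith("\\system32\\rundll32.exe")
            and parent.cmdline == proc.cmdline)


def assess(tree: list[Proc], writes: list[MemWrite]) -> dict:
    """Summarise what the evidence does and does not show."""
    by_pid = {p.pid: p for p in tree}
    temp_ordinal_loads = [
        p.pid for p in tree
        if (call := rundll32_ordinal_call(p.cmdline)) is not None and in_user_temp(call[0])
    ]
    # Writes into a freshly created child are part of CreateProcess itself;
    # only writes into a process that is not the writer's child point at injection.
    non_child_writes = [
        w for w in writes
        if w.dst_pid not in by_pid
        or parent_of(tree, by_pid[w.dst_pid]) is not by_pid.get(w.src_pid)
    ]
    return {
        "temp_ordinal_loads": temp_ordinal_loads,
        "wow64_relaunch_pids": [p.pid for p in tree if is_wow64_relaunch(tree, p)],
        "cross_process_writes": len(writes),
        "writes_to_non_child": len(non_child_writes),
    }


if __name__ == "__main__":
    for key, value in assess(PROCESS_TREE, parse_writes(WRITE_ROW)).items():
        print(f"{key}: {value}")
```

On the report's own rows the result is two ordinal loads from Temp (PIDs 708 and 1608), one WoW64 re-launch (PID 1608), three cross-process writes and zero writes into a non-child process, which is exactly the reading given above: the WriteProcessMemory hits are the parent-child hand-off, and the actionable indicators are the ordinal call and the drop location. Feeding the same function a write whose target is not the writer's child (a real injection into, say, explorer.exe) raises the writes_to_non_child count, which is the condition worth alerting on.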