Analysis
- Max time kernel: 137s
- Max time network: 78s
- Platform: windows10_x64
- Resource: win10v20210408
- Submitted: 03-06-2021 19:45
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: crisp.css.dll, Resource: win7v20210410)
- 0 signatures, 0 seconds
General
- Target: crisp.css.dll
- Size: 424KB
- MD5: b3eef2ceda386411f18232690dd0f973
- SHA1: d524a9bc2b4f1c17b312d3fe71d752a0a52e318e
- SHA256: 9cf96531ac589e5947c69554c9ea7f7ab2a7cd8037512754acf97d4a40f911b8
- SHA512: 59e7783f2d849fded2712e8ff5ca64da086220232f54492cce544413df6443d16735e148dff8a4b13e3e7a63ac9657cf228ee7a756f6aadd2525d0f912c8eac3
Malware Config (extracted)
- Family: gozi_ifsb (Gozi ISFB, also tracked as Ursnif)
- Botnet: 4500
- C2:
  - authd.feronok.com
  - raw.pablowilliano.at
- Attributes:
  - build: 250188
  - exe_type: loader
  - server_id: 580
  - rsa_pubkey.base64 (value collapsed in this listing)
  - serpent.plain (Serpent key used by ISFB for C2 traffic; value collapsed in this listing)
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes:
description                     | pid | process      | target process
PID 668 wrote to memory of 1072 | 668 | regsvr32.exe | regsvr32.exe
PID 668 wrote to memory of 1072 | 668 | regsvr32.exe | regsvr32.exe
PID 668 wrote to memory of 1072 | 668 | regsvr32.exe | regsvr32.exe

All three IoCs are the same event pair: regsvr32.exe (PID 668, the process the sandbox used to load the DLL) writing into a second regsvr32.exe (PID 1072). A process writing into a different process is the basic primitive of code injection, and a LOLBin writing into a child of the same image is the pattern to hunt for; the memory dumps listed under Downloads are all taken from the target, PID 1072.
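The detection logic the signature above implies, as an added example that is not part of the sandbox report: it groups WriteProcessMemory rows of the shape shown in the Processes table, drops self-writes, and tags cross-process writes whose writer is a commonly abused Windows binary or whose target has the same image name. The three rows from this page are reproduced; the remaining two rows and the LOLBIN list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample rows in the shape of the sandbox's Processes table:
# (description, pid, process, target process). The first three reproduce the
# events on this page; the last two are made-up controls to show the filtering.
SAMPLE_ROWS = [
    ("PID 668 wrote to memory of 1072", 668, "regsvr32.exe", "regsvr32.exe"),
    ("PID 668 wrote to memory of 1072", 668, "regsvr32.exe", "regsvr32.exe"),
    ("PID 668 wrote to memory of 1072", 668, "regsvr32.exe", "regsvr32.exe"),
    ("PID 900 wrote to memory of 900", 900, "explorer.exe", "explorer.exe"),    # constructed: self-write
    ("PID 1200 wrote to memory of 1300", 1200, "svchost.exe", "notepad.exe"),  # constructed: different images
]

# Assumed list of Windows binaries commonly used to host or launch DLL payloads.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "msiexec.exe"}

DESC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_target_pid(description):
    """Pull the target PID out of the description column; None if it does not match."""
    m = DESC_RE.match(description)
    return int(m.group(2)) if m else None


def find_cross_process_writes(rows):
    """Group WriteProcessMemory rows by (writer pid, writer image, target pid, target image),
    keep only writes into a different process, and return findings sorted by write count."""
    counts = Counter()
    for description, pid, process, target_process in rows:
        target_pid = parse_target_pid(description)
        if target_pid is None or target_pid == pid:
            continue  # unparsable row, or a process writing into its own memory
        counts[(pid, process.lower(), target_pid, target_process.lower())] += 1

    findings = []
    for (pid, proc, tpid, tproc), n in counts.items():
        tags = []
        if proc in LOLBINS:
            tags.append("writer-is-lolbin")
        if proc == tproc:
            # e.g. regsvr32 -> regsvr32: a loader re-spawning its own host and injecting into it
            tags.append("same-image-target")
        findings.append({"pid": pid, "process": proc, "target_pid": tpid,
                         "target_process": tproc, "writes": n, "tags": tags})
    findings.sort(key=lambda f: -f["writes"])
    return findings


if __name__ == "__main__":
    for finding in find_cross_process_writes(SAMPLE_ROWS):
        print(finding)
```

Run against the page's rows this yields one finding (668 -> 1072, 3 writes, both tags); the same grouping is what turns "3 IoCs" into a single injection event to investigate.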
Downloads (memory dumps taken from PID 1072)
- memory/1072-114-0x0000000000000000-mapping.dmp
- memory/1072-115-0x00000000739A0000-0x00000000739AD000-memory.dmp (52KB)
- memory/1072-116-0x00000000739A0000-0x0000000073A1F000-memory.dmp (508KB)
- memory/1072-117-0x0000000003140000-0x0000000003141000-memory.dmp (4KB)

The sizes follow from the address ranges in the filenames (0xD000, 0x7F000 and 0x1000 bytes). The 52KB dump is a sub-range of the 508KB dump at the same base (0x739A0000), so the 508KB region is the one to start with when looking for the loaded module in the injected process.
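A small triage helper for a dump listing like the one above, added here as an example and not part of the sandbox's tooling: it parses the region dump filenames, recomputes each region's size from its start and end addresses, checks that against the size label, marks dumps that are wholly contained in another dump, and picks the largest non-contained region as the first candidate for the in-memory module. The listing is a constructed copy of the four entries on this page; the candidate choice is a heuristic, not something the report states.

```python
import re

# Constructed copy of the Downloads listing: (filename, size label as shown, or None
# for the mapping dump, which is listed without a size).
DUMP_LISTING = [
    ("memory/1072-114-0x0000000000000000-mapping.dmp", None),
    ("memory/1072-115-0x00000000739A0000-0x00000000739AD000-memory.dmp", "52KB"),
    ("memory/1072-116-0x00000000739A0000-0x0000000073A1F000-memory.dmp", "508KB"),
    ("memory/1072-117-0x0000000003140000-0x0000000003141000-memory.dmp", "4KB"),
]

# Filename shape assumed from the listing: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
NAME_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return (pid, seq, start, end) for a region dump, or None for other entries
    such as the *-mapping.dmp file."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16)


def size_label(nbytes):
    """Whole-kilobyte label in the same style the listing uses."""
    return f"{nbytes // 1024}KB"


def triage_dumps(listing):
    """Parse the listing into region records and pick a primary region to analyse."""
    regions = []
    for name, label in listing:
        parsed = parse_dump_name(name)
        if parsed is None:
            continue
        pid, seq, start, end = parsed
        size = end - start
        regions.append({
            "name": name, "pid": pid, "seq": seq, "start": start, "end": end, "size": size,
            "size_matches": label is None or label == size_label(size),
            "contained_in": None,
        })

    # A region that lies entirely inside a larger dumped region carries no bytes the
    # enclosing dump does not already have; record which dump encloses it.
    for r in regions:
        for other in regions:
            if (other is not r and other["start"] <= r["start"] <= r["end"] <= other["end"]
                    and other["size"] > r["size"]):
                r["contained_in"] = other["seq"]

    # Heuristic: the largest non-contained region is the first place to look for the
    # loaded module (compare its size with the 424KB DLL on disk).
    candidates = [r for r in regions if r["contained_in"] is None]
    primary = max(candidates, key=lambda r: r["size"]) if candidates else None
    return regions, primary


if __name__ == "__main__":
    regions, primary = triage_dumps(DUMP_LISTING)
    for r in regions:
        print(f"seq {r['seq']}: 0x{r['start']:08X}-0x{r['end']:08X} {size_label(r['size'])} "
              f"label_ok={r['size_matches']} contained_in={r['contained_in']}")
    print("start with:", primary["name"] if primary else None)
```

For the listing above this reports seq 115 as contained in seq 116 and selects the 508KB dump (seq 116) as the primary region; the 4KB page at 0x03140000 stays a separate candidate since nothing encloses it.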