Analysis
max time kernel: 123s
max time network: 155s
platform: windows7_x64
resource: win7v20210408
submitted: 14-06-2021 15:59

Static task: static1
Behavioral task: behavioral1
Sample: textboxValue.jpg.dll
Resource: win7v20210408 (windows7_x64)
0 signatures
0 seconds
General
Target: textboxValue.jpg.dll
Size: 623KB
MD5: 7e242194013d4ccdecf7011966cabaf3
SHA1: b264a09ad821f64fd8ba3a2d717ee40b0cf6582e
SHA256: 46122b4b88cd3e3cb38554bf976528c4046e1183b38a458e1c4cd91bcca8bee7
SHA512: 5416250367a2421d5733f709f00769369a0efe164e4ac55ab4e77c0bfa6abb2fcd12442b7760bc748802cf7caea159bcf418937abdbb9ae51c5d04935645de1a
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 6000
C2:
  authd.feronok.com
  app.bighomegl.at
Attributes:
  build: 250204
  exe_type: loader
  server_id: 580
  rsa_pubkey.base64
  serpent.plain
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes (filter: rundll32.exe)
description | pid | process | target process
PID 1924 wrote to memory of 844 | 1924 | rundll32.exe | rundll32.exe
(the same record is listed 7 times, one per WriteProcessMemory call: the parent rundll32.exe, PID 1924, writes into a second rundll32.exe, PID 844)
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/844-60-0x0000000000000000-mapping.dmp
memory/844-61-0x0000000076691000-0x0000000076693000-memory.dmp (Filesize: 8KB)
memory/844-62-0x0000000074CC0000-0x0000000074CCD000-memory.dmp (Filesize: 52KB)
memory/844-63-0x0000000074CC0000-0x0000000074D6F000-memory.dmp (Filesize: 700KB)
memory/844-64-0x00000000001D0000-0x00000000001D1000-memory.dmp (Filesize: 4KB)
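The two machine-readable parts of this report, the WriteProcessMemory IoC rows and the memory-dump filenames, are what an analyst actually works from: the IoC rows tell you which process was injected into, and the dump names encode the PID and address range of every region the sandbox saved from it. The following is an added triage helper, not the sandbox's own code and not part of the original report. It parses both, collapses the seven per-call records into one writer-to-target pair, flags the rundll32.exe-to-rundll32.exe write, cross-checks each dump's address range against the reported Filesize, and picks the largest dumped region in the target PID as the first file to open. The input rows are constructed from the report text above; the regular expressions and the "largest region is the payload" heuristic are this example's own assumptions.

```python
"""Triage helper for a sandbox report: parse WriteProcessMemory IoC rows and
memory-dump filenames, then pick the dump most likely to hold the injected
loader image. Added example, not the sandbox's or the report's own code."""
import re
from collections import Counter

# Constructed sample input, copied from the report's WriteProcessMemory signature.
# The sandbox logs one record per call, hence the seven identical rows.
WPM_ROWS = ["PID 1924 wrote to memory of 844 1924 rundll32.exe rundll32.exe"] * 7

# Constructed sample input: the report's Downloads list as (filename, reported size).
DUMP_ROWS = [
    ("memory/844-60-0x0000000000000000-mapping.dmp", None),
    ("memory/844-61-0x0000000076691000-0x0000000076693000-memory.dmp", "8KB"),
    ("memory/844-62-0x0000000074CC0000-0x0000000074CCD000-memory.dmp", "52KB"),
    ("memory/844-63-0x0000000074CC0000-0x0000000074D6F000-memory.dmp", "700KB"),
    ("memory/844-64-0x00000000001D0000-0x00000000001D1000-memory.dmp", "4KB"),
]

# Assumed row layouts (this example's own parsing, not a documented sandbox format):
# "PID <src> wrote to memory of <dst> <pid> <src image> <dst image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
# "memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp"
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_wpm(rows):
    """Return one (src_pid, src_image, dst_pid, dst_image) tuple per IoC row."""
    out = []
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            continue
        src_pid, dst_pid, pid_col, src_img, dst_img = m.groups()
        if src_pid != pid_col:  # the description and the pid column must agree
            raise ValueError(f"inconsistent row: {row}")
        out.append((int(src_pid), src_img, int(dst_pid), dst_img))
    return out


def injection_pairs(records):
    """Collapse per-call records into writer-to-target pairs with call counts."""
    return Counter(records)


def is_rundll32_to_rundll32(pair):
    """A rundll32.exe writing into another rundll32.exe is a classic DLL-loader
    pattern: the parent stages a second instance and writes the payload into it."""
    _, src_img, _, dst_img = pair
    return src_img.lower() == "rundll32.exe" and dst_img.lower() == "rundll32.exe"


def parse_dumps(rows):
    """Parse dump filenames into (pid, index, start, end, size_bytes) and check
    the computed size against the Filesize the report shows (1KB = 1024 bytes)."""
    out = []
    for name, reported in rows:
        m = DUMP_RE.match(name)
        if not m:  # the '-mapping.dmp' entry carries no address range
            continue
        pid, idx = int(m[1]), int(m[2])
        start, end = int(m[3], 16), int(m[4], 16)
        size = end - start
        if reported is not None and f"{size // 1024}KB" != reported:
            raise ValueError(f"{name}: computed {size} bytes, report says {reported}")
        out.append((pid, idx, start, end, size))
    return out


def candidate_payload_dump(dumps, target_pid):
    """Heuristic (this example's assumption): the largest dumped region in the
    injection target is the first one worth opening. Here that is the 700KB
    region at 0x74CC0000; a 623KB DLL grows to that once mapped, so this is the
    likely image, while the 4KB and 8KB regions are too small to hold it."""
    regions = [d for d in dumps if d[0] == target_pid]
    return max(regions, key=lambda d: d[4]) if regions else None


def triage(wpm_rows=WPM_ROWS, dump_rows=DUMP_ROWS):
    """Tie the two parsers together and return everything worth asserting on."""
    pairs = injection_pairs(parse_wpm(wpm_rows))
    suspicious = {p: n for p, n in pairs.items() if is_rundll32_to_rundll32(p)}
    result = {"pairs": pairs, "suspicious": suspicious, "payload_dump": None}
    if suspicious:
        target_pid = next(iter(suspicious))[2]
        result["payload_dump"] = candidate_payload_dump(parse_dumps(dump_rows), target_pid)
    return result


if __name__ == "__main__":
    r = triage()
    for (spid, simg, dpid, dimg), n in r["suspicious"].items():
        print(f"{simg}({spid}) -> {dimg}({dpid}): {n} WriteProcessMemory calls")
    print("dump to open first:", r["payload_dump"])
```

The size check matters more than it looks: if a sandbox truncates or renames a dump, the address range in the filename and the reported Filesize stop agreeing, and that is the moment to stop trusting the dump rather than carving a PE out of it. The 52KB region sharing the 0x74CC0000 base with the 700KB one is consistent with the sandbox having dumped the image twice at different points in the run; open the larger, later one (index 63) first.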