Analysis
- max time kernel: 118s
- max time network: 155s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 09-07-2021 15:02
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 3d0.dll
  Resource: win7v20210410 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: 3d0.dll
- Size: 492KB
- MD5: 3d080af5324b49363773d0db21b620ed
- SHA1: 2724f486e0f8607eda3ea9e9783ea4f46bc98342
- SHA256: c21498aea57a809c36258572bc551c6047a4bf93958bc7a3d4b46d844fc9f1b3
- SHA512: d68d25125dc209f16936b8baad4334f7bb6c4fa58207fafd5428cb1c98630d668da6253e010ac4bb4dedd1dd418f1f31e08acef689e5f663fbde28c7935fadc0
Malware Config (extracted)
- Family: gozi_ifsb
- Botnet: 6000
- C2:
  authd.feronok.com
  app.bighomegl.at
- Attributes:
  build: 250204
  exe_type: loader
  server_id: 580
- rsa_pubkey.plain
- aes.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                       pid   process       target process  PID
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
  PID 1072 wrote to memory of 1504  1072  rundll32.exe  rundll32.exe    1504
Downloads
- memory/1504-59-0x0000000000000000-mapping.dmp
- memory/1504-60-0x0000000075281000-0x0000000075283000-memory.dmp (Filesize: 8KB)
- memory/1504-61-0x0000000000220000-0x00000000002B0000-memory.dmp (Filesize: 576KB)
- memory/1504-62-0x0000000000220000-0x000000000022D000-memory.dmp (Filesize: 52KB)
- memory/1504-63-0x00000000001C0000-0x00000000001C1000-memory.dmp (Filesize: 4KB)