Analysis

Max time kernel: 15s
Max time network: 41s
Platform: windows7_x64
Resource: win7v20210410
Submitted: 28-07-2021 08:22

Tasks:
  Static task: static1
  Behavioral task: behavioral1
  Sample: 6101135878f66.dll
  Resource: win7v20210410
  0 signatures, 0 seconds
General

Target: 6101135878f66.dll
Size: 543KB
MD5: 0d68d238d713f63ff02be916ae633466
SHA1: 46958a4143c337f8406b0c785d434c8892e902e8
SHA256: 9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e
SHA512: 502daafc9ba908cf8b682e2496be0785c7ccf035e8876df2b31b97dd43a5f79e50505afa63cd60be1df89003ae774d071777433cfc2b14359e581175b290ef33
Malware Config (extracted)

Family: gozi_ifsb
Botnet: 8877
C2:
  outlook.com
  zaluoa.live
  daskdjknefjkewfnkjwe.net
Attributes:
  build: 250207
  dga_season: 10
  exe_type: loader
  server_id: 12
Extracted artifacts:
  rsa_pubkey.plain
  serpent.plain
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                        pid   process       target process
  PID 1208 wrote to memory of 1264   1208  rundll32.exe  rundll32.exe
  (the same event is recorded 7 times)
Downloads

  memory/1264-60-0x0000000000000000-mapping.dmp
  memory/1264-61-0x0000000076281000-0x0000000076283000-memory.dmp   Filesize: 8KB
  memory/1264-63-0x0000000074EF0000-0x0000000075014000-memory.dmp   Filesize: 1.1MB
  memory/1264-62-0x0000000074EF0000-0x0000000074EFF000-memory.dmp   Filesize: 60KB
  memory/1264-64-0x0000000000170000-0x0000000000171000-memory.dmp   Filesize: 4KB