Analysis
- max time kernel: 19s
- max time network: 15s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 28-07-2021 09:58
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 610113e3e6859.dll
  - Resource: win7v20210408 (windows7_x64)
  - 0 signatures
  - 0 seconds
General
- Target: 610113e3e6859.dll
- Size: 543KB
- MD5: ae97252af977c7e64b2eeca6140e129e
- SHA1: 269f90889d519741b79e52ea427fbc37e6a01868
- SHA256: 9314c01984c89151f6d4624acad638fe054b3036fcc5115271cb598954c20070
- SHA512: 07fb03be2fbb630d17b832550b774d1f416db84b7dfe05c552ee79a752892b567f49989a1f2dd4b3e6f12cffd55ab312ae76511e841fb22c9e31eba109e8a1c5
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 8877
- C2:
  - outlook.com
  - zaluoa.live
  - daskdjknefjkewfnkjwe.net
- Attributes:
  - build: 250207
  - dga_season: 10
  - exe_type: loader
  - server_id: 12
- rsa_pubkey.plain
- serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (description, pid, process, target process PID):
  - PID 1028 (rundll32.exe) wrote to memory of PID 1328 (rundll32.exe)
  The same row is reported 7 times (one per IoC).
Downloads
- memory/1328-60-0x0000000000000000-mapping.dmp
- memory/1328-61-0x0000000075801000-0x0000000075803000-memory.dmp (Filesize: 8KB)
- memory/1328-63-0x0000000074C00000-0x0000000074D24000-memory.dmp (Filesize: 1.1MB)
- memory/1328-62-0x0000000074C00000-0x0000000074C0F000-memory.dmp (Filesize: 60KB)
- memory/1328-64-0x0000000000120000-0x0000000000121000-memory.dmp (Filesize: 4KB)