Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
22-11-2021 13:26
Static task
static1
Behavioral task
behavioral1
Sample
7dc420886e9c1a1e40e34d73ed2faf7c.dll
Resource
win7-en-20211104
windows7_x64
0 signatures
0 seconds
General
-
Target
7dc420886e9c1a1e40e34d73ed2faf7c.dll
-
Size
139KB
-
MD5
7dc420886e9c1a1e40e34d73ed2faf7c
-
SHA1
1cf57d47fab52815150a8236e985e7976aba4f75
-
SHA256
4e7f81fa970f3c2ffa70c22d10b2c81efbf7429594719be49b56a0b516503e4b
-
SHA512
71ed19f4556c8b87b8a5c9d833404aa1cb531bdabfbd5527760fbe1530d24db8c2eab71c03b1d351878789cb06bdf34e0a95f9b829b2354b9c1a6514a8028b5d
Malware Config
Extracted
Family
gozi_ifsb
Botnet
8899
C2
microsoft.com/windowsdisabler
https://technoshoper.com
https://avolebukoneh.website
http://technoshoper.com
http://avolebukoneh.website
Attributes
-
build
260216
-
dga_season
10
-
exe_type
loader
-
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
regsvr32.exedescription pid process target process PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe PID 1696 wrote to memory of 380 1696 regsvr32.exe regsvr32.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/380-56-0x0000000000000000-mapping.dmp
-
memory/380-57-0x00000000753E1000-0x00000000753E3000-memory.dmpFilesize
8KB
-
memory/380-58-0x00000000001A0000-0x00000000001AF000-memory.dmpFilesize
60KB
-
memory/1696-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmpFilesize
8KB