Analysis
- max time kernel: 144s
- max time network: 145s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 14-12-2021 18:55

Static task: static1
Behavioral task: behavioral1
  Sample: f685cc7a35c18f8948dfad741d830871.dll
  Resource: win7-en-20211208
  Platform: windows7_x64
  0 signatures
  0 seconds
General
- Target: f685cc7a35c18f8948dfad741d830871.dll
- Size: 1.7MB
- MD5: f685cc7a35c18f8948dfad741d830871
- SHA1: 34d9e559ee878fc1f7a20ce073a902a81568f67f
- SHA256: 3fff4baf83e75e39c51a2484ca04763852b6d6bf0a24ecb341e65dd2724711a0
- SHA512: 05b36ebb61cece1881bbe8cb35efcf38d98f2dc8aec71a3e0d262aaeca6466d36637f10ce8409829231bfce356793b8eb27d3c792f9f2283cef19cfce68274d8
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 8899
C2:
- microsoft.com/windowsdisabler
- windows.update3.com
- berukoneru.website
- gerukoneru.website
- fortunarah.com
Attributes:
- base_path: /tire/
- build: 260222
- dga_season: 10
- exe_type: loader
- extension: .eta
- server_id: 12
- rsa_pubkey.plain
- serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: regsvr32.exe
description                          | pid  | process      | target process
PID 2484 wrote to memory of 2744     | 2484 | regsvr32.exe | regsvr32.exe
PID 2484 wrote to memory of 2744     | 2484 | regsvr32.exe | regsvr32.exe
PID 2484 wrote to memory of 2744     | 2484 | regsvr32.exe | regsvr32.exe