Analysis
- max time kernel: 90s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 12-07-2022 00:10
Static task: static1
Behavioral task: behavioral1
- Sample: 93114ecf1b2c711ec10e1fafdc834393efc11a97.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 93114ecf1b2c711ec10e1fafdc834393efc11a97.dll
- Size: 445KB
- MD5: f3be390b01c85970deeae124ca36ce2d
- SHA1: 93114ecf1b2c711ec10e1fafdc834393efc11a97
- SHA256: 4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce
- SHA512: 463829e0a07a2983d967483d49dd478243658c0be583bcddb801cd45beb869eee8cda812ea3a74e5cf5d70be07b5a59677317dbadcefdb8a21de3ddcbe7fa3a6
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 1500
- C2:
  - gtr.antoinfer.com
  - app.bighomegl.at
- Attributes:
  - build: 250204
  - exe_type: loader
  - server_id: 580
- rsa_pubkey.plain
- aes.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        pid   process       target process
  PID 3732 wrote to memory of 2912   3732  rundll32.exe  rundll32.exe
  PID 3732 wrote to memory of 2912   3732  rundll32.exe  rundll32.exe
  PID 3732 wrote to memory of 2912   3732  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\93114ecf1b2c711ec10e1fafdc834393efc11a97.dll,#1
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\93114ecf1b2c711ec10e1fafdc834393efc11a97.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/2912-130-0x0000000000000000-mapping.dmp
- memory/2912-131-0x0000000074910000-0x000000007491D000-memory.dmp (Filesize: 52KB)
- memory/2912-132-0x0000000074910000-0x0000000074A1A000-memory.dmp (Filesize: 1.0MB)
- memory/2912-133-0x0000000074910000-0x0000000074A1A000-memory.dmp (Filesize: 1.0MB)
- memory/2912-134-0x0000000074910000-0x0000000074A1A000-memory.dmp (Filesize: 1.0MB)