Analysis
max time kernel: 142s
max time network: 144s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31-12-2023 02:20

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 244fcb71c16ab8163f25c633dcb91b1c.dll
Resource: win7-20231215-en (windows7-x64)
2 signatures, 150 seconds
General
Target: 244fcb71c16ab8163f25c633dcb91b1c.dll
Size: 355KB
MD5: 244fcb71c16ab8163f25c633dcb91b1c
SHA1: cf0256c44be6b311558358bb00f9ec257ec90236
SHA256: 48589e8612584c5b67c325367e53b63379dbf984a0a0dc905bd29fd3f7fd6c03
SHA512: 8768bcda747665ef22c4ca8208c43ade6397f7792a6b32a8ce37f7630513a684b7c3ab69620d5a74350f00e74ba72393f6ba08cec988172d5e0552161814d5cb
SSDEEP: 6144:BstpyZ+ANKFOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbAmOOmljdLGeZOGH7Cu
Malware Config
Extracted
Family: gozi

Extracted
Family: gozi
Botnet: 1500
C2:
  gtr.antoinfer.com
  app.bighomegl.at
Attributes:
  build: 250204
  exe_type: loader
  server_id: 580
  rsa_pubkey.plain
  aes.plain
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                        pid   process       target process
PID 3032 wrote to memory of 2032   3032  rundll32.exe  rundll32.exe
(the same row is recorded 7 times)
Processes
C:\Windows\system32\rundll32.exe (depth 1; PID 3032 per the WriteProcessMemory rows)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (depth 2; PID 2032, the process the memory dumps below were taken from)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#1
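The rundll32 to rundll32 hand-off in the process tree, together with the seven WriteProcessMemory rows, as an added Python example (not part of the sandbox report or of any sandbox tooling): it parses a constructed copy of the report's own flattened rows, maps System32/SysWOW64 to bitness, and flags the re-launch of the same DLL across architectures, which is what the 64-bit rundll32 does when handed a 32-bit DLL. Assumptions: the trailing digit before the arrow in the tree line is the tree depth (single digit), and PIDs 3032/2032 belong to the System32 and SysWOW64 instances respectively, as the signature table implies.

```python
import re
from collections import Counter

# Constructed copy of the report's flattened signature rows and tree lines.
WRITE_ROWS = (
    "PID 3032 wrote to memory of 2032 3032 rundll32.exe rundll32.exe " * 7
).strip()

TREE_LINES = [
    r"C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#11⤵",
    r"C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\244fcb71c16ab8163f25c633dcb91b1c.dll,#12⤵",
]

# "PID <src> wrote to memory of <dst> <src> <src name> <dst name>"
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")

# The image path runs straight into the command line. After "#" come the
# export ordinal rundll32 was asked to call and then (assumption) a single
# digit of tree depth before the arrow glyph.
TREE_RE = re.compile(
    r"^(?P<image>.+?\.exe)(?P<cmd>rundll32\.exe .+?,#(?P<ordinal>\d+?))(?P<depth>\d)⤵$"
)


def parse_write_rows(text):
    return [(int(s), int(d), sn, dn) for s, d, sn, dn in WRITE_RE.findall(text)]


def parse_tree(lines):
    tree = []
    for line in lines:
        m = TREE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised tree line: {line!r}")
        tree.append({"image": m["image"], "cmd": m["cmd"],
                     "ordinal": int(m["ordinal"]), "depth": int(m["depth"])})
    return tree


def image_arch(image):
    # On 64-bit Windows, System32 holds native 64-bit binaries and SysWOW64
    # the 32-bit ones; the sandbox platform here is windows7_x64.
    folder = image.lower().rsplit("\\", 2)[-2]
    return {"system32": "x64", "syswow64": "x86"}.get(folder, "unknown")


def dll_argument(cmd):
    # "rundll32.exe <dll>,#<ordinal>" -> the DLL path, case-folded.
    return cmd.split(" ", 1)[1].rsplit(",", 1)[0].lower()


def find_wow64_relaunch(tree):
    """Parent rundll32 at depth d spawning rundll32 of the other bitness at
    depth d+1 with the same DLL argument. The payload then executes in the
    child, so that is the process worth dumping."""
    hits = []
    for parent, child in zip(tree, tree[1:]):
        if child["depth"] != parent["depth"] + 1:
            continue
        if not (parent["image"].lower().endswith("\\rundll32.exe")
                and child["image"].lower().endswith("\\rundll32.exe")):
            continue
        if dll_argument(parent["cmd"]) != dll_argument(child["cmd"]):
            continue
        pa, ca = image_arch(parent["image"]), image_arch(child["image"])
        if pa != ca and "unknown" not in (pa, ca):
            hits.append((pa, ca, dll_argument(child["cmd"])))
    return hits


def summarise_writes(events):
    return Counter((s, d, sn, dn) for s, d, sn, dn in events)


def assess(tree_lines=TREE_LINES, write_text=WRITE_ROWS):
    tree = parse_tree(tree_lines)
    writes = summarise_writes(parse_write_rows(write_text))
    relaunch = find_wow64_relaunch(tree)
    # A parent writing into a child it has just created is also what
    # CreateProcess itself does, so count these writes as corroborating
    # evidence for the re-launch rather than as proof of injection.
    rundll_writes = {k: n for k, n in writes.items()
                     if k[2] == k[3] == "rundll32.exe"}
    return {
        "wow64_relaunch": relaunch,
        "rundll32_to_rundll32_writes": rundll_writes,
        "payload_process_hint": "x86" if relaunch else None,
    }


if __name__ == "__main__":
    for key, value in assess().items():
        print(f"{key}: {value}")
```

The parser is deliberately tied to this report's flattened layout; on a cleanly exported JSON report you would read the image path, command line and parent PID as fields instead of splitting the glued string.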
Network
MITRE ATT&CK Matrix
Downloads
memory dump (PID-snapshot-region)                                    size
memory/2032-0-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-1-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-2-0x0000000000160000-0x0000000000161000-memory.dmp      4KB
memory/2032-3-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-4-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-5-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-6-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-9-0x0000000074EC0000-0x0000000074FB4000-memory.dmp      976KB
memory/2032-14-0x0000000074EC0000-0x0000000074FB4000-memory.dmp     976KB