Analysis
- max time kernel: 141s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 19-03-2024 15:00
Static task: static1
- 1 signature

Behavioral task: behavioral1
- Sample: d667b1620c679459b264492bfac2703b.dll
- Resource: win7-20240221-en
- 2 signatures
- 150 seconds
General
- Target: d667b1620c679459b264492bfac2703b.dll
- Size: 551KB
- MD5: d667b1620c679459b264492bfac2703b
- SHA1: 2eea0c6336defa9de132815607490035e47ea734
- SHA256: fb3009e2deadbc2d6760489395bafba79aab3a3cfb41be06181d51bfe864d09b
- SHA512: bac6f9956237df1a1fd2554e1210365ce1521a0cd89601b0228cebcb94c3ef6e454885079fa5f0e9383a63e378fe86490c935b1e99901c9500081f89549f3d4e
- SSDEEP: 12288:4dsRFeVssCM5gMrj/LMMtBV0P6Fm92E89xE6FWkogdBtXcPZMfvG1EqYDWDt42O/:usRIfhAadeFoQqffC
Malware Config

Extracted (1)
- Family: gozi

Extracted (2)
- Family: gozi
- Botnet: 1500
- C2:
  - f1.bablefiler.at
  - f22.avanoruk.com
- Attributes:
  - build: 250211
  - exe_type: loader
  - server_id: 580
  - rsa_pubkey.plain
  - aes.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes:
description                        | pid  | process      | target process
-----------------------------------|------|--------------|---------------
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
PID 2332 wrote to memory of 2172   | 2332 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d667b1620c679459b264492bfac2703b.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d667b1620c679459b264492bfac2703b.dll,#1
Downloads
file                                                                 | filesize
---------------------------------------------------------------------|---------
memory/2172-0-0x0000000074580000-0x00000000746A4000-memory.dmp      | 1.1MB
memory/2172-1-0x0000000074580000-0x00000000746A4000-memory.dmp      | 1.1MB
memory/2172-2-0x0000000000120000-0x0000000000121000-memory.dmp      | 4KB
memory/2172-3-0x0000000000180000-0x000000000018D000-memory.dmp      | 52KB
memory/2172-6-0x0000000074580000-0x00000000746A4000-memory.dmp      | 1.1MB