Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-en-20211208
submitted: 02-03-2022 22:42
Behavioral task: behavioral1
Sample: gozi.dll
Resource: win7-en-20211208 (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: gozi.dll
Resource: win10v2004-en-20220112 (windows10-2004_x64)
0 signatures
0 seconds
General
Target: gozi.dll
Size: 43KB
MD5: c72e3eba124896e10bd8acc54b1565fe
SHA1: d19dd19fae7d61293e1879034b8a784f694b76e9
SHA256: 44b62bc022a43cfa60975be021a4f4d34caead61d23f2a925b7b470899b0195e
SHA512: 92929eafa1b48b79cbe00a65c7cd82d65261bc472cd2c5f0941bbb2c76a3721de9d0090c6053b9f53ed193a2b3fe9b9ce7406d0781ae52c3985898a318f68595
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 836 | 1620 | rundll32.exe | rundll32.exe