Analysis
-
max time kernel
86s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
24-05-2022 02:13
General
-
Target
f4848c59b6dab07ec39fba5dd98253fbebd65af0862157e72fa5d1cf3469d7ca.dll
-
Size
696KB
-
MD5
a908e3261ee99c8fe331293b2fc11d6f
-
SHA1
a5e8d1183e5d816847913d3c50e1900bf5dd5186
-
SHA256
f4848c59b6dab07ec39fba5dd98253fbebd65af0862157e72fa5d1cf3469d7ca
-
SHA512
276d301fbc93ea1457d4d5036cbe48064c34ce4f81a340ee972e575a6f9c4eaf7c0930b79f2409f8a79e1fd8ccb2e48ac84dc57e028fcb3f736298a485917184
Score
10/10
Malware Config
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f4848c59b6dab07ec39fba5dd98253fbebd65af0862157e72fa5d1cf3469d7ca.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f4848c59b6dab07ec39fba5dd98253fbebd65af0862157e72fa5d1cf3469d7ca.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1360-54-0x0000000000000000-mapping.dmp
-
memory/1360-55-0x0000000076011000-0x0000000076013000-memory.dmpFilesize
8KB
-
memory/1360-56-0x0000000002140000-0x0000000002AFC000-memory.dmpFilesize
9.7MB
-
memory/1360-57-0x0000000002140000-0x0000000002AFC000-memory.dmpFilesize
9.7MB
-
memory/1360-58-0x0000000002140000-0x000000000218B000-memory.dmpFilesize
300KB
-
memory/1360-59-0x0000000002140000-0x0000000002AFC000-memory.dmpFilesize
9.7MB
-
memory/1360-60-0x0000000002140000-0x0000000002AFC000-memory.dmpFilesize
9.7MB
-
memory/1360-61-0x00000000002F0000-0x000000000033A000-memory.dmpFilesize
296KB