Analysis
-
max time kernel
25s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
24-05-2022 13:53
General
-
Target
ce0ba06a512563856c9bb57634d7926531a4131ab4eaf132467a47a55ae5b089.exe
-
Size
250KB
-
MD5
e3501c44d1a4149ac214af3db4883ca5
-
SHA1
a28c31a01260b5ef2b676bef6b2bdc657c597263
-
SHA256
ce0ba06a512563856c9bb57634d7926531a4131ab4eaf132467a47a55ae5b089
-
SHA512
56e3dbcc295d53e16e41502f9ef6949059c87bfbae9b9ff728d622d1b27f8b05e903d797ee8181426941f672930d449aa5c75d7063a416f79c046c870b59355e
Score
10/10
Malware Config
Extracted
Family
gozi_rm3
Attributes
-
build
300904
Signatures
-
Gozi RM3
A heavily modified version of Gozi using RM3 loader.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce0ba06a512563856c9bb57634d7926531a4131ab4eaf132467a47a55ae5b089.exe"C:\Users\Admin\AppData\Local\Temp\ce0ba06a512563856c9bb57634d7926531a4131ab4eaf132467a47a55ae5b089.exe"1⤵
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3884 CREDAT:17410 /prefetch:22⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3328-131-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB
-
memory/3328-130-0x0000000000690000-0x00000000006B8000-memory.dmpFilesize
160KB
-
memory/3328-132-0x00000000006C0000-0x00000000006D7000-memory.dmpFilesize
92KB