Analysis

  • max time kernel
    137s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12/06/2022, 23:06

General

  • Target

    1de19027de6a43180bf2942e0c2e06a52203412f11727896bace128a04d0c0eb.exe

  • Size

    362KB

  • MD5

    07aad06694380a37d6b111c332bab665

  • SHA1

    463e309964de5a56f86afd565b50127fd7bd57fe

  • SHA256

    1de19027de6a43180bf2942e0c2e06a52203412f11727896bace128a04d0c0eb

  • SHA512

    86e454bd5250e4b2b7e78ac7df8fa2fa943cf58127f76ca034910191a9529c22aeed1d75b07c5fcf23b4347774fc29985281ac139c8247b2585f887be1bcca72

Score
10/10

Malware Config

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

  • Suspicious behavior: LoadsDriver (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1de19027de6a43180bf2942e0c2e06a52203412f11727896bace128a04d0c0eb.exe
    "C:\Users\Admin\AppData\Local\Temp\1de19027de6a43180bf2942e0c2e06a52203412f11727896bace128a04d0c0eb.exe"
    PID: 4000

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4000-130-0x0000000003D30000-0x0000000003D59000-memory.dmp

    Filesize

    164KB

  • memory/4000-131-0x0000000003D30000-0x0000000003D59000-memory.dmp

    Filesize

    164KB

  • memory/4000-132-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB
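The dump names above encode the PID, a dump index and the start/end virtual addresses of each region, so the listed file sizes can be cross-checked against the address ranges before the dumps are pulled into a disassembler. The following is an added example, not part of the sandbox report or the Tria.ge tooling: it parses the three dump names exactly as they appear on this page (the sizes beside them are copied from the page), recomputes each region size, flags dumps that cover the same range twice, and applies a hypothetical classification heuristic (a region starting at 0x400000, the default 32-bit PE image base, is treated as the process's own image; anything else as a dynamically allocated region). The heuristic is an assumption for illustration, not something the report states.

```python
import re

# Dump names and listed sizes copied from the sandbox report above.
REPORT_DUMPS = [
    ("memory/4000-130-0x0000000003D30000-0x0000000003D59000-memory.dmp", "164KB"),
    ("memory/4000-131-0x0000000003D30000-0x0000000003D59000-memory.dmp", "164KB"),
    ("memory/4000-132-0x0000000000400000-0x000000000045F000-memory.dmp", "380KB"),
]

# memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a sandbox memory-dump file name into pid, index and address range."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"not a sandbox memory-dump name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16)
    if end <= start:
        raise ValueError(f"inverted address range in {name}")
    return {
        "pid": int(m["pid"]),
        "index": int(m["idx"]),
        "start": start,
        "end": end,
        "size": end - start,  # bytes covered by the dump
    }


def parse_size_kb(text):
    """'164KB' -> 164. The report only ever lists KB here; 164*1024 == 0x29000, so KB means KiB."""
    return int(text.rstrip("KkBb"))


def classify(region):
    # Assumption (heuristic, not from the report): 0x400000 is the default image
    # base of a 32-bit PE, so a region starting there is most likely the process's
    # own unpacked image; other ranges are typically heap/VirtualAlloc allocations.
    if region["start"] == 0x400000:
        return "image-base region (likely unpacked main module)"
    return "dynamically allocated region (likely unpacked/injected payload)"


def check_report(dumps=REPORT_DUMPS):
    """Validate every listed dump: recompute its size, compare with the listed
    size, and note when an earlier dump already covered the same range."""
    results = []
    seen = {}  # (pid, start, end) -> index of the first dump with that range
    for name, listed in dumps:
        r = parse_dump_name(name)
        r["size_kb_computed"] = r["size"] // 1024
        r["size_kb_listed"] = parse_size_kb(listed)
        r["size_matches"] = r["size_kb_computed"] == r["size_kb_listed"]
        key = (r["pid"], r["start"], r["end"])
        r["duplicate_range_of"] = seen.get(key)
        seen.setdefault(key, r["index"])
        r["kind"] = classify(r)
        results.append(r)
    return results


if __name__ == "__main__":
    for r in check_report():
        dup = f" (same range as dump {r['duplicate_range_of']})" if r["duplicate_range_of"] is not None else ""
        print(
            f"pid {r['pid']} dump {r['index']}: 0x{r['start']:08X}-0x{r['end']:08X} "
            f"{r['size_kb_computed']}KB listed={r['size_kb_listed']}KB "
            f"ok={r['size_matches']} {r['kind']}{dup}"
        )
```

For this report all three sizes reconcile with their address ranges, dumps 130 and 131 cover the same 0x3D30000-0x3D59000 range (two snapshots of one allocation, typically taken at different points in execution), and the 0x400000 region is larger than the 362KB file on disk because it is the memory-mapped image with section alignment applied, not the raw file.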