Analysis Overview
SHA256
2d4d70c14741e6eb9ad05c3aa1f03047088d2324726d79118c68d436ed6b157d
Threat Level: Known bad
The file 2d4d70c14741e6eb9ad05c3aa1f03047088d2324726d79118c68d436ed6b157d was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-14 19:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-14 19:51
Reported
2022-06-14 20:16
Platform
win7-20220414-en
Max time kernel
39s
Max time network
43s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\2d4d70c14741e6eb9ad05c3aa1f03047088d2324726d79118c68d436ed6b157d.exe
"C:\Users\Admin\AppData\Local\Temp\2d4d70c14741e6eb9ad05c3aa1f03047088d2324726d79118c68d436ed6b157d.exe"
Network
Files
memory/1892-54-0x00000000756A1000-0x00000000756A3000-memory.dmp
memory/1892-55-0x0000000000260000-0x00000000002DB000-memory.dmp
memory/1892-57-0x0000000000260000-0x00000000002DB000-memory.dmp
memory/1892-56-0x0000000000260000-0x000000000026F000-memory.dmp
memory/1892-58-0x0000000000200000-0x000000000021B000-memory.dmp
memory/1892-61-0x0000000000260000-0x00000000002DB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-06-14 19:51
Reported
2022-06-14 20:15
Platform
win10v2004-20220414-en
Max time kernel
41s
Max time network
73s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\2d4d70c14741e6eb9ad05c3aa1f03047088d2324726d79118c68d436ed6b157d.exe
"C:\Users\Admin\AppData\Local\Temp\2d4d70c14741e6eb9ad05c3aa1f03047088d2324726d79118c68d436ed6b157d.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 104.110.191.133:80 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 20.189.173.13:443 | | tcp |
Files
memory/4668-130-0x00000000001E0000-0x000000000025B000-memory.dmp
memory/4668-131-0x00000000001E0000-0x00000000001EF000-memory.dmp
memory/4668-132-0x00000000001E0000-0x000000000025B000-memory.dmp
memory/4668-133-0x00000000001E0000-0x000000000025B000-memory.dmp
memory/4668-134-0x0000000002610000-0x000000000262B000-memory.dmp
memory/4668-137-0x00000000001E0000-0x000000000025B000-memory.dmp