Analysis Overview
SHA256
2ba3281b5ae981f0051176ad0f02b081245aace69910c9975f73754bbe98fcd4
Threat Level: Known bad
The file 2ba3281b5ae981f0051176ad0f02b081245aace69910c9975f73754bbe98fcd4 was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-15 01:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-15 01:28
Reported
2022-06-15 04:15
Platform
win7-20220414-en
Max time kernel
111s
Max time network
46s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\2ba3281b5ae981f0051176ad0f02b081245aace69910c9975f73754bbe98fcd4.exe
"C:\Users\Admin\AppData\Local\Temp\2ba3281b5ae981f0051176ad0f02b081245aace69910c9975f73754bbe98fcd4.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 93.184.220.29:80 | | tcp |
Files
memory/1640-54-0x0000000000400000-0x000000000040F000-memory.dmp
memory/1640-55-0x0000000000400000-0x0000000000447000-memory.dmp
memory/1640-56-0x0000000000260000-0x000000000027B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-06-15 01:28
Reported
2022-06-15 04:15
Platform
win10v2004-20220414-en
Max time kernel
26s
Max time network
40s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\2ba3281b5ae981f0051176ad0f02b081245aace69910c9975f73754bbe98fcd4.exe
"C:\Users\Admin\AppData\Local\Temp\2ba3281b5ae981f0051176ad0f02b081245aace69910c9975f73754bbe98fcd4.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 88.221.144.179:80 | | tcp |
| NL | 88.221.144.179:80 | | tcp |
Files
memory/1100-131-0x0000000000400000-0x0000000000447000-memory.dmp
memory/1100-130-0x0000000000400000-0x000000000040F000-memory.dmp
memory/1100-132-0x00000000021D0000-0x00000000021EB000-memory.dmp