Analysis
max time kernel: 39s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-06-2022 05:55
Behavioral task
behavioral1
Sample
gozi.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
gozi.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: gozi.dll
Size: 43KB
MD5: 8b888a37c0dfd4a2724189c30cfbdc56
SHA1: 9642670c0dacfe36fdfd7ceed9a99613e1735509
SHA256: 5acc0d8eeb5c1ff0e025c9369f6e7b5183b9fc155144e61b8e19d7d6ca995306
SHA512: 23a7f78d511f9f8e13683bd882562daa6938186e229084cf4f96737c23d02cb4bf9d35ea7fb0825ad797d55371d98353a619142f66b4869dfbe957bacb46866d
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe
PID 2036 wrote to memory of 2032 | 2036 | rundll32.exe | rundll32.exe