gozi_ifsb | a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 06:21

Sharing

Report Analysis Logs

General

Target

a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe
Size

352KB
MD5

5e58ce6ab4db0018af5d89544d5aafe1
SHA1

10db699993eb09799ff16304f6ad0229d1ecf2c8
SHA256

a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42
SHA512

8a9b19ac641498abf62864ce581436c4010a5156130a762cc8e96cbacac40016082bb26a03c9494d8b1f3b26817e96042f0c76903dff08891624ed3842e19c58

Score

10^/10

gozi_ifsb banker trojan

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214082

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

912 880 WerFault.exe a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe

description	pid	process	target process
PID 880 wrote to memory of 912	880	a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe	WerFault.exe
PID 880 wrote to memory of 912	880	a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe	WerFault.exe
PID 880 wrote to memory of 912	880	a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe	WerFault.exe
PID 880 wrote to memory of 912	880	a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe
"C:\Users\Admin\AppData\Local\Temp\a15a6a727942f41f7fc9b3907da7792ad201a762dc177efb18b7be9edab9ed42.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 104
2⤵
- Program crash
PID:912

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-54-0x0000000001150000-0x00000000011B4000-memory.dmp

Filesize
400KB

Download
memory/880-55-0x0000000001150000-0x000000000115E000-memory.dmp

Filesize
56KB

Download
memory/880-56-0x0000000001150000-0x00000000011B4000-memory.dmp

Filesize
400KB

Download
memory/880-58-0x0000000001150000-0x00000000011B4000-memory.dmp

Filesize
400KB

Download
memory/912-57-0x0000000000000000-mapping.dmp

Download