Analysis

  • max time kernel
    56s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-07-2022 21:58

General

  • Target

    ab69f7e7b8d82c34676782f9db23194f96c95dff279ada81daefd1f5cfe113d6.exe

  • Size

    149KB

  • MD5

    d11e42adad914c3ba95a4d54153a20d0

  • SHA1

    12ec8bd57957135869f51ac40fb573fd15f40565

  • SHA256

    ab69f7e7b8d82c34676782f9db23194f96c95dff279ada81daefd1f5cfe113d6

  • SHA512

    69e143143e7c6b1d03caf9a60587a800e4d7a982757dbc0335867947a3fee77730f719d975ca2b28c827ed9f9e3a7787284169c1423b13a4d918262d032abbc6

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214085

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab69f7e7b8d82c34676782f9db23194f96c95dff279ada81daefd1f5cfe113d6.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ab69f7e7b8d82c34676782f9db23194f96c95dff279ada81daefd1f5cfe113d6.exe"
    Depth: 1
    • Suspicious use of WriteProcessMemory
    PID: 1416
    • C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 204
      Depth: 2
      • Program crash
      PID: 1568

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1416-54-0x0000000075761000-0x0000000075763000-memory.dmp (Filesize: 8KB)
  • memory/1416-55-0x0000000001060000-0x000000000111F000-memory.dmp (Filesize: 764KB)
  • memory/1416-57-0x0000000001060000-0x000000000111F000-memory.dmp (Filesize: 764KB)
  • memory/1416-56-0x0000000001060000-0x000000000106E000-memory.dmp (Filesize: 56KB)
  • memory/1416-59-0x0000000001060000-0x000000000111F000-memory.dmp (Filesize: 764KB)
  • memory/1568-58-0x0000000000000000-mapping.dmp