Analysis Overview
SHA256
d789dad04bc80a082d4ba6271e1f6b825877c0c9bf08f5e60d868dba2e5d3f02
Threat Level: Known bad
The file d789dad04bc80a082d4ba6271e1f6b825877c0c9bf08f5e60d868dba2e5d3f02 was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2022-07-24 15:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-24 15:11
Reported
2022-07-25 10:20
Platform
win7-20220715-en
Max time kernel
147s
Max time network
50s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\d789dad04bc80a082d4ba6271e1f6b825877c0c9bf08f5e60d868dba2e5d3f02.exe
"C:\Users\Admin\AppData\Local\Temp\d789dad04bc80a082d4ba6271e1f6b825877c0c9bf08f5e60d868dba2e5d3f02.exe"
Network
Files
memory/1396-55-0x0000000000400000-0x0000000000441000-memory.dmp
memory/1396-54-0x0000000000400000-0x000000000040F000-memory.dmp
memory/1396-56-0x00000000003E0000-0x00000000003FB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-24 15:11
Reported
2022-07-25 10:20
Platform
win10v2004-20220721-en
Max time kernel
32s
Max time network
38s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\d789dad04bc80a082d4ba6271e1f6b825877c0c9bf08f5e60d868dba2e5d3f02.exe
"C:\Users\Admin\AppData\Local\Temp\d789dad04bc80a082d4ba6271e1f6b825877c0c9bf08f5e60d868dba2e5d3f02.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| BE | 8.238.110.126:80 | | tcp |
| BE | 8.238.110.126:80 | | tcp |
| BE | 8.238.110.126:80 | | tcp |
| US | 52.109.12.20:443 | | tcp |
Files
memory/4540-130-0x0000000000400000-0x000000000040F000-memory.dmp
memory/4540-131-0x0000000000400000-0x0000000000441000-memory.dmp
memory/4540-132-0x00000000005E0000-0x00000000005FB000-memory.dmp
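The memory-dump names and the network table above are the only machine-usable artifacts on this page. The following Python is an added triage helper, not part of the sandbox report or of the sandbox's own tooling: it parses the `memory/<pid>-<seq>-<start>-<end>-memory.dmp` naming scheme into address ranges, flags dumps of the same process that overlap (here the image base 0x400000 is dumped twice per run with different sizes, which is the pair an analyst would diff first when looking for an in-place unpack), and counts unique destination endpoints from the table rows. The sample inputs are copied from this report; the function names, the `DumpRegion` type and the assumption that the sandbox always emits hexadecimal bounds are mine.

```python
import re
from dataclasses import dataclass

# Naming scheme as it appears on this page: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
# (assumption: bounds are always hexadecimal and the sequence number is monotonic per run)
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# Table rows as they appear on this page: | CC | ip:port | domain | proto |
NET_RE = re.compile(
    r"^\s*\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\|"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    def overlaps(self, other: "DumpRegion") -> bool:
        # Only regions from the same process can alias the same virtual addresses.
        return self.pid == other.pid and self.start < other.end and other.start < self.end


def parse_dump_name(name: str) -> DumpRegion:
    """Turn one dump file name into a DumpRegion; raises ValueError on anything else."""
    m = DUMP_RE.fullmatch(name.strip())
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    return DumpRegion(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))


def find_overlaps(regions):
    """Return (earlier, later) pairs of dumps from the same process whose ranges intersect."""
    ordered = sorted(regions, key=lambda r: (r.pid, r.seq))
    pairs = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if a.overlaps(b):
                pairs.append((a, b))
    return pairs


def count_endpoints(table_lines):
    """Map (ip, port) -> number of rows, ignoring the header and separator rows."""
    counts = {}
    for line in table_lines:
        m = NET_RE.match(line)
        if m is None:
            continue  # header, separator, or a row the regex does not recognise
        key = (m["ip"], int(m["port"]))
        counts[key] = counts.get(key, 0) + 1
    return counts


# Artifacts copied from this report (behavioral1 and behavioral2).
DUMP_NAMES = [
    "memory/1396-55-0x0000000000400000-0x0000000000441000-memory.dmp",
    "memory/1396-54-0x0000000000400000-0x000000000040F000-memory.dmp",
    "memory/1396-56-0x00000000003E0000-0x00000000003FB000-memory.dmp",
    "memory/4540-130-0x0000000000400000-0x000000000040F000-memory.dmp",
    "memory/4540-131-0x0000000000400000-0x0000000000441000-memory.dmp",
    "memory/4540-132-0x00000000005E0000-0x00000000005FB000-memory.dmp",
]
NETWORK_ROWS = [
    "| Country | Destination | Domain | Proto |",
    "| BE | 8.238.110.126:80 | | tcp |",
    "| BE | 8.238.110.126:80 | | tcp |",
    "| BE | 8.238.110.126:80 | | tcp |",
    "| US | 52.109.12.20:443 | | tcp |",
]


def triage_summary(dump_names=DUMP_NAMES, network_rows=NETWORK_ROWS):
    regions = [parse_dump_name(n) for n in dump_names]
    return {
        "regions": regions,
        "overlaps": find_overlaps(regions),
        "endpoints": count_endpoints(network_rows),
    }


if __name__ == "__main__":
    s = triage_summary()
    for a, b in s["overlaps"]:
        print(f"pid {a.pid}: dump {a.seq} ({a.size:#x} bytes) overlaps dump {b.seq} ({b.size:#x} bytes)")
    for (ip, port), n in s["endpoints"].items():
        print(f"{ip}:{port} seen {n}x")
```

The overlap check is deliberately per-PID: a sandbox run may dump several processes, and identical virtual addresses in different processes are unrelated. The endpoint counter keeps the repeat count rather than collapsing rows, since the number of connections to one host is itself useful when separating C2 polling from background OS traffic.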