gozi_ifsb | 7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120

Analysis

max time kernel
160s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 05:08

Target

7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe
Size

663KB
MD5

7a4af18d561a31a156762b6cf01b981e
SHA1

f4222f6bc717d0f6280b53c58549e6633bd8c7bc
SHA256

7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120
SHA512

97c0d7977dfb218a5c31c12a358e45ca18423c11c59e38884b1de0c1feb86c34aa8e11272b9b5971998967630ba983538af0645f1bee4b5ab86f2f23e707a9a9

Score

10^/10

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
668	4532	WerFault.exe	7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe
1380	4532	WerFault.exe	7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe
2788	4532	WerFault.exe	7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe
1004	4532	WerFault.exe	7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe
4772	4532	WerFault.exe	7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe

C:\Users\Admin\AppData\Local\Temp\7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe
"C:\Users\Admin\AppData\Local\Temp\7c35ac9b94a6e3cbcadf70b8c6d42c0a8385bb6b58953db4adec28e8eee8d120.exe"
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
2⤵
- Program crash
PID:668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 284
2⤵
- Program crash
PID:1380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 320
2⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 328
2⤵
- Program crash
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 228
2⤵
- Program crash
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4532 -ip 4532
1⤵
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4532 -ip 4532
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4532 -ip 4532
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4532 -ip 4532
1⤵
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4532 -ip 4532
1⤵
PID:4736

memory/4532-130-0x000000000086B000-0x00000000008B6000-memory.dmp

Filesize
300KB

Download
memory/4532-131-0x0000000000600000-0x0000000000649000-memory.dmp

Filesize
292KB

Download
memory/4532-132-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/4532-133-0x000000000086B000-0x00000000008B6000-memory.dmp

Filesize
300KB

Download
memory/4532-134-0x0000000002290000-0x00000000022DA000-memory.dmp

Filesize
296KB

Download
memory/4532-141-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download