Analysis Overview
SHA256: b41ad21610ae56b175d9272e04409a8507f76949bad7120a987639b7c60b3447
Threat Level: Known bad
The file b41ad21610ae56b175d9272e04409a8507f76949bad7120a987639b7c60b3447 was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported: 2022-07-31 05:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2022-07-31 05:17
Reported: 2022-07-31 07:49
Platform: win7-20220715-en
Max time kernel: 115s
Max time network: 44s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\b41ad21610ae56b175d9272e04409a8507f76949bad7120a987639b7c60b3447.exe
"C:\Users\Admin\AppData\Local\Temp\b41ad21610ae56b175d9272e04409a8507f76949bad7120a987639b7c60b3447.exe"
Network
Files
memory/1904-55-0x0000000000370000-0x00000000003C3000-memory.dmp
memory/1904-54-0x0000000000370000-0x000000000037F000-memory.dmp
memory/1904-56-0x0000000000120000-0x000000000013B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2022-07-31 05:17
Reported: 2022-07-31 07:49
Platform: win10v2004-20220722-en
Max time kernel: 38s
Max time network: 44s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\b41ad21610ae56b175d9272e04409a8507f76949bad7120a987639b7c60b3447.exe
"C:\Users\Admin\AppData\Local\Temp\b41ad21610ae56b175d9272e04409a8507f76949bad7120a987639b7c60b3447.exe"
Network
| Country | Destination | Domain | Proto |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 52.242.101.226:443 | | tcp |
Files
memory/4856-132-0x0000000000DE0000-0x0000000000DEF000-memory.dmp
memory/4856-133-0x0000000000DE0000-0x0000000000E33000-memory.dmp
memory/4856-134-0x0000000000F60000-0x0000000000F7B000-memory.dmp
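The memory dumps listed for the two detonations share a naming pattern of process ID, dump index and hexadecimal start/end address. Parsing that pattern lets an analyst compare the dumped regions across the Windows 7 and Windows 10 runs without opening the dumps. The script below is an added example, not part of the sandbox report; it assumes the `memory/PID-INDEX-0xSTART-0xEND-memory.dmp` convention read off the file names above and uses only the six entries from this report as input.

```python
import re
from collections import defaultdict

# Dump file names copied from the two detonations in the report above
DUMPS = [
    "memory/1904-55-0x0000000000370000-0x00000000003C3000-memory.dmp",
    "memory/1904-54-0x0000000000370000-0x000000000037F000-memory.dmp",
    "memory/1904-56-0x0000000000120000-0x000000000013B000-memory.dmp",
    "memory/4856-132-0x0000000000DE0000-0x0000000000DEF000-memory.dmp",
    "memory/4856-133-0x0000000000DE0000-0x0000000000E33000-memory.dmp",
    "memory/4856-134-0x0000000000F60000-0x0000000000F7B000-memory.dmp",
]

# Assumed naming convention: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump(name):
    """Split one dump file name into pid, index, start, end and region size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, idx, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(pid), "index": int(idx), "start": start,
            "end": end, "size": end - start}


def regions_by_pid(names):
    """Group parsed dumps per process, ordered by dump index."""
    grouped = defaultdict(list)
    for name in names:
        r = parse_dump(name)
        grouped[r["pid"]].append(r)
    for regs in grouped.values():
        regs.sort(key=lambda r: r["index"])
    return dict(grouped)


def size_signature(regions):
    """Sorted tuple of region sizes; base addresses differ per run, sizes need not."""
    return tuple(sorted(r["size"] for r in regions))


def matching_sizes(by_pid):
    """True when every process dumped regions of identical sizes."""
    sigs = {pid: size_signature(regs) for pid, regs in by_pid.items()}
    return len(set(sigs.values())) == 1, sigs


def overlapping(regions):
    """Pairs of dump indices whose address ranges overlap (same region dumped twice)."""
    pairs = []
    for i, a in enumerate(regions):
        for b in regions[i + 1:]:
            if a["start"] < b["end"] and b["start"] < a["end"]:
                pairs.append((a["index"], b["index"]))
    return pairs


if __name__ == "__main__":
    by_pid = regions_by_pid(DUMPS)
    same, sigs = matching_sizes(by_pid)
    for pid, regs in by_pid.items():
        for r in regs:
            print(f"pid {pid} dump {r['index']}: 0x{r['start']:X}-0x{r['end']:X} "
                  f"({r['size']} bytes)")
        print(f"pid {pid} overlapping dumps: {overlapping(regs)}")
    print("region sizes identical across detonations:", same, sigs)
```

Run as-is, the script reports that both processes dumped regions of 0xF000, 0x53000 and 0x1B000 bytes, and that in each run the first two dumps cover the same base address (one a prefix of the other). Identical sizes at different base addresses across two OS builds is what one expects when the same unpacked payload is written into freshly allocated memory, so this is a cheap consistency check before spending time on the dumps themselves.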