Analysis Overview
SHA256
5fa8a51395d3ce00e03e399241ce296ea81c2a4fe7b03ea7d765c22529e156a0
Threat Level: Known bad
The file 5fa8a51395d3ce00e03e399241ce296ea81c2a4fe7b03ea7d765c22529e156a0 was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2022-07-31 10:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-31 10:13
Reported
2022-07-31 13:40
Platform
win7-20220718-en
Max time kernel
148s
Max time network
46s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\5fa8a51395d3ce00e03e399241ce296ea81c2a4fe7b03ea7d765c22529e156a0.exe
"C:\Users\Admin\AppData\Local\Temp\5fa8a51395d3ce00e03e399241ce296ea81c2a4fe7b03ea7d765c22529e156a0.exe"
Network
Files
memory/1976-54-0x0000000000400000-0x000000000040F000-memory.dmp
memory/1976-55-0x0000000000400000-0x0000000000441000-memory.dmp
memory/1976-56-0x00000000002A0000-0x00000000002BB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-31 10:13
Reported
2022-07-31 13:40
Platform
win10v2004-20220721-en
Max time kernel
55s
Max time network
88s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\5fa8a51395d3ce00e03e399241ce296ea81c2a4fe7b03ea7d765c22529e156a0.exe
"C:\Users\Admin\AppData\Local\Temp\5fa8a51395d3ce00e03e399241ce296ea81c2a4fe7b03ea7d765c22529e156a0.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 88.221.144.192:80 | | tcp |
| NL | 88.221.144.192:80 | | tcp |
| NL | 40.126.32.76:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| FR | 2.18.109.224:443 | | tcp |
| DE | 51.116.253.169:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
Files
memory/4260-130-0x0000000000400000-0x000000000040F000-memory.dmp
memory/4260-131-0x0000000000400000-0x0000000000441000-memory.dmp
memory/4260-132-0x00000000021D0000-0x00000000021EB000-memory.dmp