Analysis Overview
SHA256
5ab8302914556001844c3e5bc1b09a4b41814a45da2b51d5dc5ac7c7330ef66c
Threat Level: Known bad
The file 5ab8302914556001844c3e5bc1b09a4b41814a45da2b51d5dc5ac7c7330ef66c was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2022-08-02 02:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-02 02:33
Reported
2022-08-02 04:02
Platform
win7-20220718-en
Max time kernel
122s
Max time network
46s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\5ab8302914556001844c3e5bc1b09a4b41814a45da2b51d5dc5ac7c7330ef66c.exe
"C:\Users\Admin\AppData\Local\Temp\5ab8302914556001844c3e5bc1b09a4b41814a45da2b51d5dc5ac7c7330ef66c.exe"
Network
Files
memory/1996-55-0x0000000000D50000-0x0000000000DA3000-memory.dmp
memory/1996-54-0x0000000000D50000-0x0000000000D5F000-memory.dmp
memory/1996-56-0x0000000000120000-0x000000000013B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-02 02:33
Reported
2022-08-02 04:04
Platform
win10v2004-20220721-en
Max time kernel
72s
Max time network
143s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\5ab8302914556001844c3e5bc1b09a4b41814a45da2b51d5dc5ac7c7330ef66c.exe
"C:\Users\Admin\AppData\Local\Temp\5ab8302914556001844c3e5bc1b09a4b41814a45da2b51d5dc5ac7c7330ef66c.exe"
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 40.126.32.68:443 | | tcp |
| IE | 20.50.73.9:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
Files
memory/2184-130-0x00000000001E0000-0x00000000001EF000-memory.dmp
memory/2184-131-0x00000000001E0000-0x0000000000233000-memory.dmp
memory/2184-132-0x0000000002470000-0x000000000248B000-memory.dmp