Analysis Overview
SHA256
b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86
Threat Level: Known bad
The file 468042278a3e4841d3e33ccca10d99ca was found to be: Known bad.
Malicious Activity Summary
Gozi, Gozi IFSB
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-03 14:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-03 14:30
Reported
2022-08-03 14:32
Platform
win7-20220715-en
Max time kernel
44s
Max time network
48s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe
"C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe"
Network
Files
memory/1824-55-0x0000000000220000-0x000000000022B000-memory.dmp
memory/1824-54-0x000000000058B000-0x000000000059C000-memory.dmp
memory/1824-56-0x0000000000400000-0x0000000000462000-memory.dmp
memory/1824-57-0x0000000000400000-0x0000000000462000-memory.dmp
memory/1824-58-0x0000000000290000-0x000000000029D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-03 14:30
Reported
2022-08-03 14:32
Platform
win10v2004-20220721-en
Max time kernel
107s
Max time network
135s
Command Line
Signatures
Gozi, Gozi IFSB
Processes
C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe
"C:\Users\Admin\AppData\Local\Temp\468042278a3e4841d3e33ccca10d99ca.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | trackingg-protectioon.cdn1.mozilla.net | udp |
| US | 93.184.221.240:80 | | tcp |
| NL | 13.69.116.104:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 194.76.225.168:80 | 194.76.225.168 | tcp |
| US | 8.8.8.8:53 | trackingg-protectioon.cdn1.mozilla.net | udp |
Files
memory/848-130-0x00000000006C8000-0x00000000006D9000-memory.dmp
memory/848-131-0x0000000000680000-0x000000000068B000-memory.dmp
memory/848-132-0x0000000000400000-0x0000000000462000-memory.dmp
memory/848-133-0x00000000006A0000-0x00000000006AD000-memory.dmp
memory/848-136-0x00000000006C8000-0x00000000006D9000-memory.dmp
memory/848-137-0x0000000000400000-0x0000000000462000-memory.dmp