Analysis
max time kernel: 135s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220721-en locale:en-us os:windows10-2004-x64 system
submitted: 09-08-2022 12:20
Behavioral task: behavioral1
Sample: gozi.dll
Resource: win7-20220715-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: gozi.dll
Resource: win10v2004-20220721-en
1 signatures
150 seconds
General
Target: gozi.dll
Size: 43KB
MD5: e36a2ad652142295d4a83f009597e897
SHA1: 3ac847fdf1889ee87b60af6cf0ef7a6535785156
SHA256: d312a673f75b4f7b6ed96b7d0da28e0da41f191807af6541c84da85a56bb4134
SHA512: 1764400f84cf451e29583c161a0cf7901ccf45aa4b7f7dfef5ac17e3590fc98215ad8ccad69012a74e2f8eaf0f4d7153e12de16815bf46941b70a826eaea41c3
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1348 wrote to memory of 4968 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 4968 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 4968 | 1348 | rundll32.exe | rundll32.exe