092fa6becc2f58ec2777d7d9fb059e89f09fce358eef9b5d5fcac9d0d34cbb4c | Triage

Analysis

max time kernel
75s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2022 07:28

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

cbd91a1aae7ac0a86b9a7074d0f69bcc
SHA1

e0091ad6cebba035ebb62b648e4f88b6f7de449c
SHA256

092fa6becc2f58ec2777d7d9fb059e89f09fce358eef9b5d5fcac9d0d34cbb4c
SHA512

38f9f598e50a962d4c7d457698ab1b3cdf1a96843cdecdbd56ac74c629ad99b213686f618b8f012811a632c0a40f6660bd12b38134c5b7de5ddc27d64312635a
SSDEEP

768:+lYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp:+lYhzJ2VQEFf/2VYuAZOzNM7uyH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3440 wrote to memory of 4312	3440	rundll32.exe	rundll32.exe
PID 3440 wrote to memory of 4312	3440	rundll32.exe	rundll32.exe
PID 3440 wrote to memory of 4312	3440	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
2⤵
PID:4312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4312-132-0x0000000000000000-mapping.dmp

Download