25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-09-2022 08:47

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

508f2889a54920c1ff730882ae37ec4b
SHA1

d46812975844b55e06f0ad2d798baf8cc7afd55f
SHA256

25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094
SHA512

e9c1c16ce874e7db6485f73e71f6e4da58effec3bdf9b380ea7970db4c41fa62960c104a29a165fdc2106b8b23e2c7d66f95a7098953cc35cd6ea27a2dcff0b5
SSDEEP

768:SibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAE:v7HdgfncFig5sfCQyXz1OTfM7AYHuAE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000000000000-mapping.dmp

Download
memory/964-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download