25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094 | Triage

Analysis

max time kernel
75s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2022, 08:47

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

508f2889a54920c1ff730882ae37ec4b
SHA1

d46812975844b55e06f0ad2d798baf8cc7afd55f
SHA256

25202abc2b97d01ec9eb45c5b2c15853c01b18b2b598b7be872ea58e26fde094
SHA512

e9c1c16ce874e7db6485f73e71f6e4da58effec3bdf9b380ea7970db4c41fa62960c104a29a165fdc2106b8b23e2c7d66f95a7098953cc35cd6ea27a2dcff0b5
SSDEEP

768:SibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAE:v7HdgfncFig5sfCQyXz1OTfM7AYHuAE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 3920	3536	rundll32.exe	84
PID 3536 wrote to memory of 3920	3536	rundll32.exe	84
PID 3536 wrote to memory of 3920	3536	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads