4e0019b05bb4997a904465ea7e25b5b58c1d1eb3eca756b37db118c5ac3bb564 | Triage

Analysis

max time kernel
75s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26/09/2022, 13:41

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

ef7a0cc9b9283cbf25044a01330162e9
SHA1

26106afb015720fa553217e042e23207f386c933
SHA256

4e0019b05bb4997a904465ea7e25b5b58c1d1eb3eca756b37db118c5ac3bb564
SHA512

b9c91f2ce495f9534fc0db5e07940461a39e56a19131a0a38bc51f773afccbb54b92b50bdfa4e85d5a312f3660294cf6c4de00dd53c6c7aa6198e1f626433b59
SSDEEP

768:qTmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k:qTmE+L5AkTixchBOKinCZ3eGGb7dTR9k

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4488	5016	rundll32.exe	82
PID 5016 wrote to memory of 4488	5016	rundll32.exe	82
PID 5016 wrote to memory of 4488	5016	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:4488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads