5ea2b9d4c4b4f5f102d63de28ad8ce4016a01469cd2c2ab92be57e5af6839f87 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28-09-2022 12:27

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

2a29f12a43156619c6a97cb54844b053
SHA1

d7deab6e3c5e158b73c9ffb1455cb57f04423786
SHA256

5ea2b9d4c4b4f5f102d63de28ad8ce4016a01469cd2c2ab92be57e5af6839f87
SHA512

6face3d956fc26757a215d3b88c3acbd6bd9f2bf3899073bd86c0fb1c9aeb564e75f41503527afdccf7f2fff53247383a79730aca3e7388923ecf6c04660ebb3
SSDEEP

768:9TmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k:9TmE+L5AkTixchBOKinCZ3eGGb7dTR9k

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download