65f35b0d1ab54a128cca4beeda2a2d846e520d9d2aa5c37661c3b41edb189e3b | Triage

Analysis

max time kernel
106s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2022, 13:01

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

96747974dd8b0e08f919cd3b3942c971
SHA1

b18c33fd9e92da1bb22912f6a92f677cc84122a0
SHA256

65f35b0d1ab54a128cca4beeda2a2d846e520d9d2aa5c37661c3b41edb189e3b
SHA512

759b08bd69a043862b14665988ada1d65cbc7078119c81d3ed2986dca24e418507a0492d3362686bf11eab7903cf683f8a6f25dfb28e5cf92d3c984f2708a58f
SSDEEP

768:6TmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k7:6TmE+L5AkTixchBOKinCZ3eGGb7dTR9k

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 2496	1504	rundll32.exe	71
PID 1504 wrote to memory of 2496	1504	rundll32.exe	71
PID 1504 wrote to memory of 2496	1504	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads