53a152ce008fbe0a467f7816ed237692b3839495425b3b28844a5a032630a9e9 | Triage

Analysis

max time kernel
117s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 12:56

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

4daae4e5b599410b39b55833d61819e7
SHA1

8769d522b951aa86259e5239919045adaed05daa
SHA256

53a152ce008fbe0a467f7816ed237692b3839495425b3b28844a5a032630a9e9
SHA512

ff35a1ddf3fe10976a75580a670a1047c9b2e2ba922363587b894b081e2d19f58574cb4fbc3ced29de2098461752e4004587989129f030ecb41598b47a305883
SSDEEP

768:TlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp:TlYhzJ2VQEFf/2VYuAZOzNM7uyH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4800 wrote to memory of 3128	4800	rundll32.exe	rundll32.exe
PID 4800 wrote to memory of 3128	4800	rundll32.exe	rundll32.exe
PID 4800 wrote to memory of 3128	4800	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:3128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3128-132-0x0000000000000000-mapping.dmp

Download