Analysis
-
max time kernel
435s -
max time network
438s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
26-10-2022 23:52
General
-
Target
0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll
-
Size
89KB
-
MD5
ffc592251858b76abc3db0dbfe7a078d
-
SHA1
48735504d3dd1444f326862a8725fe380818fbcd
-
SHA256
1f7c992588a82d6bec0f5dd1b5de60c3bb937797e8c78c9d11a7cd4313baadf9
-
SHA512
5c24bc0dbd2024cec9390430f0d2b91f8ad97b71ff08d39ac339aac3b4f25c178cde0769785f812b6537ae4c2d94773c48936bbd942e97cfc057dd8b9ad4b20f
-
SSDEEP
1536:D5LMc5TFyZiEK6wwicirXrc0dbYdmGNu0CPFDNIWvsZr2TVsaPO:2c5TFyZirXQh9CNDNIW55O
Score
10/10
Malware Config
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll,#12⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1364-54-0x0000000000000000-mapping.dmp
-
memory/1364-55-0x0000000075281000-0x0000000075283000-memory.dmpFilesize
8KB