ec57d48f9a8f736a40382e30903debbbe0e077fdc4796a5d15b751fb4afa4ca0 | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26-10-2022 06:34

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

43KB
MD5

2bff375e136582e27baf83074b8e2e33
SHA1

0feb0aeed9b58da0767568424aa6659f520d73ef
SHA256

ec57d48f9a8f736a40382e30903debbbe0e077fdc4796a5d15b751fb4afa4ca0
SHA512

8ead29614f3123fe206a26b6191a59bd69b8392683f8d34355048123b70e7c12fef4fa1511f8fb333835df959484f9d4c782a7a2c78dd6acd04987b04f73f844
SSDEEP

768:FTmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiTb7gp6XFlkq9k34d:FTmE+L5AkTixchBOKinCZ3eGGb7dTR9D

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1724	1672	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
  2⤵
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-54-0x0000000000000000-mapping.dmp

Download
memory/1724-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download