Analysis
-
max time kernel
477s -
max time network
430s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
27-10-2022 00:07
General
-
Target
2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64.dll
-
Size
186KB
-
MD5
b66655073329e82bc7c70dfc3b8d9072
-
SHA1
7de7bbff2ae7b9e6bfe65546c40ad675a03dd36b
-
SHA256
642c7b965505ad416589c0ae31ad737b198517e065eb8d9f65073cbcbe40a130
-
SHA512
d59ccf7106c9c2d73388cf479ed44572c16c128b249783153da5ad9b7446c4bef6d8cb558293a7891443f73e71a169bb385a6ce2a65e216cca8ca94e24ec87ec
-
SSDEEP
3072:+IrsCMRP7NViyWcrdfcP5hmhLGbHz2k/xetTogGyzTiAh3/aOJVlkJ:+IrN+JViy3dfcuLGbaptTogGutaOFkJ
Score
10/10
Malware Config
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64.dll,#12⤵
- Suspicious use of WriteProcessMemory