Analysis

  • max time kernel
    411s
  • max time network
    414s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-10-2022 00:07

General

  • Target

    514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked.dll

  • Size

    247KB

  • MD5

    42bec6ebbf72c0c13f7d0430fdec6a83

  • SHA1

    fe52ac86deecae98d7f9c452360a19c909b301ea

  • SHA256

    a08b6bd2b9d190017e68c7d032065e6fe0f169fd9400e5589ffe5de82fcf3646

  • SHA512

    cfb61d4f2a9041d7f55e74fd0b4a0c0df1612aa059b06e9be54064cefac25615ac082b16979c50b86f7ab5b62be52400a37a5f83543a88e18764c86299582c52

  • SSDEEP

    6144:INDg0fYEB+SMqV8qlalvaRFhlRaPBGlwCAkuKdgN940OiB:IhB+SfV8qgliBloGlEpf

Score
10/10

Malware Config

Signatures

  • Gozi, Gozi ISFB

    Gozi ISFB is a well-known and widely distributed banking trojan.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked.dll,#1
    PID: 360
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (child of PID 360)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked.dll,#1
      PID: 1108

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1108-54-0x0000000000000000-mapping.dmp

  • memory/1108-55-0x0000000075771000-0x0000000075773000-memory.dmp

    Filesize: 8KB