Overview

overview

10

Static

static

10

gozi.dll

windows7-x64

1

gozi.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    172s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gozi.dll

  • Size

    43KB

  • MD5

    067b4232f5e6a7e954094c76c521b05d

  • SHA1

    97ba6f1793b9da6906ce3179d633efd11d366fbf

  • SHA256

    ba8b9c888d1e6f4e6251217f72f6fe13b2e4a58918af0d120edb5508d90dbade

  • SHA512

    34560a7e18553c1b6cc5854e9413b92313c280919cbc2678bbf96f0b4fbce0e496c4347b8e91aa8c2755a51528e78e4c0e8fb14ee6cf2d5fea654e4998382aef

  • SSDEEP

    768:BO60dvSXUWzHY4kD/zaho82WVV3rh5Uznoo7e6GzheOB/G7gpdS4JowCyjQBOD:BOLgy4kD/2H2WjbhcTGNeOdG7uS45QBO

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
      2⤵
        PID:3484

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3484-132-0x0000000000000000-mapping.dmp

      Download