Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 21/03/2023, 11:09
Behavioral task: behavioral1
Sample: gozi.dll
Resource: win7-20230220-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: gozi.dll
Resource: win10v2004-20230221-en
1 signatures
150 seconds
General
Target: gozi.dll
Size: 43KB
MD5: fdd1923185c7504723ecb1e0f775094e
SHA1: 5e6140124993173054f3dc94e914b239f9f2db0a
SHA256: c43b5d3f736b3f86f0603f8f4afca144a5118c8d1a987df461378ce8cfd20036
SHA512: 4ce50f003e5b0f7740e90e7a9e7d451da6c9643b10b32c8898615875f6da42a7d55514d08702131012dd4e1f260bd54ca2d27523b26e949cf78f27150473c00c
SSDEEP: 768:j0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1Gcq:j9sq8S/QEYXQIVWlvmYp6ewNu7hD1Gcq
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |
| PID 1720 wrote to memory of 1640 | 1720 | rundll32.exe | 28 |