Analysis
- max time kernel: 135s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20230221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/03/2023, 11:09
Behavioral task: behavioral1
- Sample: gozi.dll
- Resource: win7-20230220-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: gozi.dll
- Resource: win10v2004-20230221-en
- 1 signatures
- 150 seconds
General
- Target: gozi.dll
- Size: 43KB
- MD5: fdd1923185c7504723ecb1e0f775094e
- SHA1: 5e6140124993173054f3dc94e914b239f9f2db0a
- SHA256: c43b5d3f736b3f86f0603f8f4afca144a5118c8d1a987df461378ce8cfd20036
- SHA512: 4ce50f003e5b0f7740e90e7a9e7d451da6c9643b10b32c8898615875f6da42a7d55514d08702131012dd4e1f260bd54ca2d27523b26e949cf78f27150473c00c
- SSDEEP: 768:j0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1Gcq:j9sq8S/QEYXQIVWlvmYp6ewNu7hD1Gcq
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 4100 wrote to memory of 2968 | 4100 | rundll32.exe | 81
PID 4100 wrote to memory of 2968 | 4100 | rundll32.exe | 81
PID 4100 wrote to memory of 2968 | 4100 | rundll32.exe | 81