9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
05-10-2023 16:15

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

44KB
MD5

658528593229c2d7099caedc3221b274
SHA1

cc5bc4d4a46f7287be2adc306963ff9c435d9da6
SHA256

9b10527b73313718c8694c63b8f83a593216d39276e03ef5d0fd04276f8dc96e
SHA512

7d9803e761740a2d28a061bdce439b47cdd30ec804cbf9ade2dff6ba363cd9414f4eab740c0cf82cabc5cc7c9f03b294beb39fe822273eff9ba098b41e7a5055
SSDEEP

768:wX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTymr:wvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe
PID 2132 wrote to memory of 1448	2132	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
2⤵
PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads