Analysis
max time kernel: 143s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-10-2023 12:43
Behavioral task: behavioral1
Sample: gozi.dll
Resource: win7-20230831-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: gozi.dll
Resource: win10v2004-20230915-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: gozi.dll
Size: 44KB
MD5: 76f70e707144bb109d3e3e802cfaddb3
SHA1: 11223b8b61aed91d976242abe2d85103db8af2c1
SHA256: 07842c72a0b850aa90614e3f187037fc664b237cc70db0c59add6cd1f4c465de
SHA512: 7c224aab3c9f4b6e92fccdd2dc10cadbd69949e26b732141785ea48e1dedb914f30a73d31edec25456f85cc181b2b8aca06d6c44845ba1141548f8d4c7de5054
SSDEEP: 768:zX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:zvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1884 wrote to memory of 2820 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 2820 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 2820 | 1884 | rundll32.exe | rundll32.exe