580a6bccc51030cef877b8ac00ef6f9be7369a01bca7698c29c5cd1abe3f1990 | Triage

Analysis

max time kernel
137s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2023 11:22

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

44KB
MD5

8b61f8e62b18781430b85d62c4d705b7
SHA1

1f5a45bf2905ee0d10607a6cf59a98168a995a2a
SHA256

580a6bccc51030cef877b8ac00ef6f9be7369a01bca7698c29c5cd1abe3f1990
SHA512

650f13ae83009b586f66d1009784006260368dde1ca50377aa7175d1162b45dc18fb66cbabf7848c735029b27a71e70aebc37f7c551ddd58540d1a34f41501b6
SSDEEP

768:TX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Tvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4472 wrote to memory of 2016	4472	rundll32.exe	rundll32.exe
PID 4472 wrote to memory of 2016	4472	rundll32.exe	rundll32.exe
PID 4472 wrote to memory of 2016	4472	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4472

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
2⤵
PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads