459715ab56c2aa1cc67f22b79dbb9f7340c04d78aeaec0435432b5a222178422 | Triage

Analysis

max time kernel
191s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 11:51

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

44KB
MD5

8a67b9d8a9961e78876f52cbe3cbb579
SHA1

e272e88f6acd4e6c82a3e23cad2dcb483802cc04
SHA256

459715ab56c2aa1cc67f22b79dbb9f7340c04d78aeaec0435432b5a222178422
SHA512

2687f4ed0b31d7660ea2d193092b25a523eefa867a2c5203798514f02641e1183a398dafab9cdde2a8bd3bc55c0bfee270cc088ffc217dd283fe04d432bca0bf
SSDEEP

768:uX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTykz:uvrx/qp8OmwxfhyVxQlBdvW4eLOL7eXO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3740 wrote to memory of 872	3740	rundll32.exe	rundll32.exe
PID 3740 wrote to memory of 872	3740	rundll32.exe	rundll32.exe
PID 3740 wrote to memory of 872	3740	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
2⤵
PID:872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...