Analysis
max time kernel: 191s
max time network: 209s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-10-2023 11:51
Behavioral task: behavioral1
Sample: gozi.dll
Resource: win7-20230831-en, windows7-x64
1 signatures, 150 seconds

Behavioral task: behavioral2
Sample: gozi.dll
Resource: win10v2004-20230915-en, windows10-2004-x64
1 signatures, 150 seconds
General
Target: gozi.dll
Size: 44KB
MD5: 8a67b9d8a9961e78876f52cbe3cbb579
SHA1: e272e88f6acd4e6c82a3e23cad2dcb483802cc04
SHA256: 459715ab56c2aa1cc67f22b79dbb9f7340c04d78aeaec0435432b5a222178422
SHA512: 2687f4ed0b31d7660ea2d193092b25a523eefa867a2c5203798514f02641e1183a398dafab9cdde2a8bd3bc55c0bfee270cc088ffc217dd283fe04d432bca0bf
SSDEEP: 768:uX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTykz:uvrx/qp8OmwxfhyVxQlBdvW4eLOL7eXO
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3740 wrote to memory of 872 | 3740 | rundll32.exe | rundll32.exe
PID 3740 wrote to memory of 872 | 3740 | rundll32.exe | rundll32.exe
PID 3740 wrote to memory of 872 | 3740 | rundll32.exe | rundll32.exe