e503cee9f16f1d5290f3a77355863a246e34f3e20a66acbadcd358bdf4f5cde7 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 12:11

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

44KB
MD5

2931b842d14e1e28823790526008bc4d
SHA1

e3374a7210e3d49ff20783895cf292706238680f
SHA256

e503cee9f16f1d5290f3a77355863a246e34f3e20a66acbadcd358bdf4f5cde7
SHA512

afe977940c18ece79183f3d07af3b6f5e0ef5791f3d9a369cd05f03678afad9bb4a69bd4887fabb39838cd385e5b841d0360ddda1c4fb58242de8a617dafe719
SSDEEP

768:SX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Svrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 1980	2152	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
2⤵
PID:1980

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...