Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
- submitted: 12-10-2023 16:33
Behavioral task: behavioral1
- Sample: gozi.dll
- Resource: win7-20230831-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: gozi.dll
- Resource: win10v2004-20230915-en
- 1 signatures
- 150 seconds
General
- Target: gozi.dll
- Size: 44KB
- MD5: 503fd118bd1aeef9d3b3f2cf9f34556a
- SHA1: f0f57c917bf4805f3dda820a7263ac797402caa6
- SHA256: 17bc4a9ae4fb31afa2d08995ff00d21faf66154b406d0505c65667c49e49e8f0
- SHA512: 5abd2498e95b4d4276edc1babffe77bf7a7dc7ad3d1ef44ac351c722b2b3225a11a016cb7f9e6f306437aaf5cf2720a0f90f1fb53e9aa896b1572e7e574769b0
- SSDEEP: 768:XX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Xvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |
| PID 2184 wrote to memory of 2636 | 2184 | rundll32.exe | rundll32.exe |