17bc4a9ae4fb31afa2d08995ff00d21faf66154b406d0505c65667c49e49e8f0 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 16:33

Sharing

Report Analysis Logs

General

Target

gozi.dll
Size

44KB
MD5

503fd118bd1aeef9d3b3f2cf9f34556a
SHA1

f0f57c917bf4805f3dda820a7263ac797402caa6
SHA256

17bc4a9ae4fb31afa2d08995ff00d21faf66154b406d0505c65667c49e49e8f0
SHA512

5abd2498e95b4d4276edc1babffe77bf7a7dc7ad3d1ef44ac351c722b2b3225a11a016cb7f9e6f306437aaf5cf2720a0f90f1fb53e9aa896b1572e7e574769b0
SSDEEP

768:XX/rx/qCa8OmwxfhqwSJ9z7XdjP0lBdCEtDsh4eLiTL7gpP1ZXOTy:Xvrx/qp8OmwxfhyVxQlBdvW4eLOL7eX7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe
PID 2184 wrote to memory of 2636	2184	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gozi.dll,#1
2⤵
PID:2636

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...