Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2024 18:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    5.9MB

  • MD5

    d21ebfa5e971bb5293c9de7a404792a1

  • SHA1

    850cae6b28d100738547f8a86889d71ff5289073

  • SHA256

    cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b

  • SHA512

    2fe8f296117e70a05fa24f0be9250fff84af339eed1bfe46d1c218a0210324b9e0f77ddaf6ad518eca8370fc3023238f7fa13f483f30c545c10fc2e02f973a6f

  • SSDEEP

    49152:VdFCDWU2GG8XKQ3/cdt4osAZo5+cSAsAUSNlLOg/L1Jf2jTiQ/VoJu4E9/+j9Z29:VnCDL2uKecbO4ihsAUoDjj233NmmcPK7

Score
10/10
gozizgratbankerisfbrattrojan

Malware Config

Extracted

Family

gozi

Signatures

  • Detect ZGRat V1 1 IoCs
  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 576
      2⤵
      • Program crash
      PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1700-0-0x0000000074440000-0x0000000074B2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1700-1-0x0000000000EA0000-0x0000000001482000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1700-2-0x00000000050B0000-0x00000000050F0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1700-3-0x00000000065F0000-0x0000000006924000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1700-4-0x0000000074440000-0x0000000074B2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1700-5-0x00000000050B0000-0x00000000050F0000-memory.dmp

    Filesize

    256KB

    Download