gozi | da7439c58fcf71e27fb8c5d9ff5e6991dc30cb4191d943b4aabab3b421504b5e

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:18

Target

7cec17b6b28156596948440473181c6d_JaffaCakes118.exe
Size

418KB
MD5

7cec17b6b28156596948440473181c6d
SHA1

705f9c7ef612ffd0480a38f0c98f7fce6c368b7e
SHA256

da7439c58fcf71e27fb8c5d9ff5e6991dc30cb4191d943b4aabab3b421504b5e
SHA512

ec2cb9b733c2baa43bbf0c649b6ad9e35aebd376851db4b763f85ed3663770aaa95904cdf49a3676ae12dde40ffd330c043f1c9286a446a9474acbfc1528270a
SSDEEP

12288:z1PxHGy7AsqX0ca38eKfSrpGiwP3XOtYD8P+Oh:z1p7wEtIKpGF3XOqJ

Score

10^/10

Family

gozi

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3300	3508	WerFault.exe	82

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 2856	3508	7cec17b6b28156596948440473181c6d_JaffaCakes118.exe	83
PID 3508 wrote to memory of 2856	3508	7cec17b6b28156596948440473181c6d_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\7cec17b6b28156596948440473181c6d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7cec17b6b28156596948440473181c6d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 34324
  2⤵
  - Program crash
  PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3508 -ip 3508
1⤵
PID:3052

memory/3508-1-0x0000000000A10000-0x0000000000B10000-memory.dmp

Filesize
1024KB

Download
memory/3508-2-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/3508-3-0x00000000026C0000-0x0000000002704000-memory.dmp

Filesize
272KB

Download
memory/3508-10-0x00000000026C0000-0x0000000002704000-memory.dmp

Filesize
272KB

Download
memory/3508-11-0x00000000026C0000-0x0000000002704000-memory.dmp

Filesize
272KB

Download
memory/3508-12-0x0000000000400000-0x000000000083D000-memory.dmp

Filesize
4.2MB

Download