Analysis
-
max time kernel
133s
-
max time network
102s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
30-05-2024 16:30
Behavioral task
behavioral1
Sample
f6b4af7c0dac9c39946e73eeba84ef291baa65b5915cb8d9416189308b81ded1.exe
Resource
win7-20231129-en
windows7-x64
3 signatures
150 seconds
General
-
Target
f6b4af7c0dac9c39946e73eeba84ef291baa65b5915cb8d9416189308b81ded1.exe
-
Size
3.9MB
-
MD5
cd03ac3c74d2525e6f25d35f4a3ae8e3
-
SHA1
3e67bc97a8cca99d6ec0c1b06e1f025b4933f522
-
SHA256
f6b4af7c0dac9c39946e73eeba84ef291baa65b5915cb8d9416189308b81ded1
-
SHA512
5f23dd85c655e79a2e758236bd9afdb02540a105e12ffa8db24c269a634a0c8654ba3e45afeb7cf450ad8a177483f2c736cf3e7d7b49259e006a6ea21c9add7e
-
SSDEEP
24576:M4iEA+SexpJ/At1lF6i7/emcbfwQtxGcgLgwZALW5C4Xvf+kw5yfNT12gR/L+5zY:MVp6YcbfwYmgYIg+OfNNRih1Z
Malware Config
Extracted
Family
gozi
Signatures
-
Enumerates connected drives (3 TTPs, 1 IoC)
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
description               ioc      process
File opened (read-only)   \??\E:   f6b4af7c0dac9c39946e73eeba84ef291baa65b5915cb8d9416189308b81ded1.exe
-
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
pid    process
3508   f6b4af7c0dac9c39946e73eeba84ef291baa65b5915cb8d9416189308b81ded1.exe
3508   f6b4af7c0dac9c39946e73eeba84ef291baa65b5915cb8d9416189308b81ded1.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
memory/3508-0-0x0000000000400000-0x0000000000402000-memory.dmp
Filesize
8KB
-
memory/3508-1-0x0000000000400000-0x0000000000838000-memory.dmp
Filesize
4.2MB
-
memory/3508-2-0x0000000000400000-0x0000000000838000-memory.dmp
Filesize
4.2MB
-
memory/3508-3-0x0000000000400000-0x0000000000838000-memory.dmp
Filesize
4.2MB
-
memory/3508-4-0x0000000000400000-0x0000000000838000-memory.dmp
Filesize
4.2MB
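The dump names above encode the PID and the virtual address range of each region: dump 0 covers 0x400000-0x402000 (8KB), dumps 1 through 4 cover 0x400000-0x838000 (4.2MB) at the same base. As an added example that is not part of the report, the Python below parses that naming convention, recomputes the sizes the report lists, and reports where a region at a given base grew between consecutive dumps, so an analyst can pick the first dump that holds the full image. The name pattern memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is inferred from the five names listed and is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The five dump names exactly as listed in the report's Downloads section.
DUMP_NAMES = [
    "memory/3508-0-0x0000000000400000-0x0000000000402000-memory.dmp",
    "memory/3508-1-0x0000000000400000-0x0000000000838000-memory.dmp",
    "memory/3508-2-0x0000000000400000-0x0000000000838000-memory.dmp",
    "memory/3508-3-0x0000000000400000-0x0000000000838000-memory.dmp",
    "memory/3508-4-0x0000000000400000-0x0000000000838000-memory.dmp",
]

# Assumed convention: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class Region:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Optional[Region]:
    """Split a dump file name into pid, dump index and address range."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    pid, idx, start, end = m.groups()
    region = Region(int(pid), int(idx), int(start, 16), int(end, 16))
    return region if region.end > region.start else None


def human_size(n: int) -> str:
    """Render a byte count the way the report does (binary units, one decimal for MB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    if n >= 1 << 10:
        return f"{n / (1 << 10):.0f}KB"
    return f"{n}B"


def region_growth(regions: List[Region]) -> List[Tuple[int, int, int]]:
    """Return (index, previous_size, new_size) for each dump whose region at the
    same pid and base address is larger than the preceding dump's."""
    out: List[Tuple[int, int, int]] = []
    last: dict = {}
    for r in sorted(regions, key=lambda r: (r.pid, r.index)):
        key = (r.pid, r.start)
        if key in last and r.size > last[key].size:
            out.append((r.index, last[key].size, r.size))
        last[key] = r
    return out


def first_full_dump(regions: List[Region]) -> Optional[Region]:
    """The earliest dump whose region reaches the largest size seen for that base."""
    if not regions:
        return None
    biggest = max(r.size for r in regions)
    return min((r for r in regions if r.size == biggest), key=lambda r: r.index)


if __name__ == "__main__":
    regions = [r for r in map(parse_dump_name, DUMP_NAMES) if r]
    for r in regions:
        print(f"pid {r.pid} dump {r.index}: {r.start:#x}-{r.end:#x} {human_size(r.size)}")
    for idx, before, after in region_growth(regions):
        print(f"dump {idx}: region grew {human_size(before)} -> {human_size(after)}")
```

For this report the growth step lands on dump 1, so that is the file to load first when looking for the unpacked image; dumps 2 through 4 have the same range and are worth diffing against it rather than opening independently.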