Analysis
-
max time kernel
101s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27/10/2024, 11:27
General
-
Target
7ae1a6b52d4ea37fd1bf9bc2289f87fcafe28ba20991bdcd9efd1fb52c7597e2N.exe
-
Size
364KB
-
MD5
8aa7c8b785569cd0d21c5e253b0c16b0
-
SHA1
09d80b2f4387af1469b4e19fb2b22096d78c9519
-
SHA256
7ae1a6b52d4ea37fd1bf9bc2289f87fcafe28ba20991bdcd9efd1fb52c7597e2
-
SHA512
5bd54d90f8f1973e6f331666b656d44f9e7a28144389be6ae0b48a48d48cad11163653c02b16e92a6d86203f24e0d209988db61f86879c7ab556fa74ff0e0487
-
SSDEEP
1536:Z9+jzXF8CvrJ4PBhDP35L6hKilProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Z9+jh8k6DP3Z6hKiltOrWKDBr+yJb
Score
10/10
Malware Config
Extracted
Family
gozi
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Gozi family
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ae1a6b52d4ea37fd1bf9bc2289f87fcafe28ba20991bdcd9efd1fb52c7597e2N.exe"C:\Users\Admin\AppData\Local\Temp\7ae1a6b52d4ea37fd1bf9bc2289f87fcafe28ba20991bdcd9efd1fb52c7597e2N.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2202⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4912 -ip 49121⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
364KB
-
Filesize
364KB