Analysis
-
max time kernel
140s -
max time network
56s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
24-06-2024 09:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe
Resource
win7-20240508-en
2 signatures
150 seconds
General
-
Target
a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe
-
Size
596KB
-
MD5
50aca2f93f28f6408d7d3b5f46c8d963
-
SHA1
c8fbb2524a096d4308807f99b8b80a13ce9d3512
-
SHA256
a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5
-
SHA512
34f74434954748081f18b4933b51f6b0b6da6b7223359ac6d587e9ac1f5e6308a4c975e800cca09562476be896328b82cbc0dbcfdf276f89ab8a104097752b2a
-
SSDEEP
12288:xqLD9LU7ncQwcj9cqMcNySlSwpQ/FsD61:xqQnHjG1hbODq
Malware Config
Extracted
Family
gozi
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exepid process 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 
a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 
a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe 1456 a969b652028c0955e8416bcaf485fdcc8bafad05694fc69853e4a090f01b3eb5.exe
Downloads
-
memory/1456-0-0x00000000006C0000-0x0000000000744000-memory.dmp Filesize
528KB
-
memory/1456-1-0x0000000000750000-0x0000000000751000-memory.dmp Filesize
4KB
-
memory/1456-2-0x0000000000750000-0x0000000000751000-memory.dmp Filesize
4KB
-
memory/1456-3-0x00000000006C0000-0x0000000000744000-memory.dmp Filesize
528KB
-
memory/1456-4-0x0000000000750000-0x0000000000751000-memory.dmp Filesize
4KB
-
memory/1456-5-0x0000000000750000-0x0000000000751000-memory.dmp Filesize
4KB
-
memory/1456-6-0x0000000000400000-0x000000000049B000-memory.dmp Filesize
620KB
-
memory/1456-9-0x00000000023B0000-0x00000000023F4000-memory.dmp Filesize
272KB
-
memory/1456-16-0x00000000023B0000-0x00000000023F4000-memory.dmp Filesize
272KB
-
memory/1456-17-0x0000000000400000-0x000000000049B000-memory.dmp Filesize
620KB