Analysis

  • max time kernel
    123s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    24-12-2020 01:21

General

  • Target

    DSC_Canon_23.12.2020.zip.exe

  • Size

    255KB

  • MD5

    1900f3bd2b1848b0f4b1a0495f11d84e

  • SHA1

    38de4f6bbd82ee58259d39db4cbb14c505837b88

  • SHA256

    dddf5829a3bdcb2b6562eb194a138f8de5da26eb5dda0bbfacbbf1124ad51ec6

  • SHA512

    d16dbd03da41abc45247f9c7c00a1d363e13949c0203077806996d17982788207318ffd7c5e5a835cb3eddfff556843a34baef93c8547e4001cc2fc017e3b60a

Score
10/10

Malware Config

Signatures

  • Gozi, Gozi ISFB

    Gozi ISFB (also tracked as Ursnif) is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings (1 TTP, 87 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SetWindowsHookEx (16 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\DSC_Canon_23.12.2020.zip.exe
    "C:\Users\Admin\AppData\Local\Temp\DSC_Canon_23.12.2020.zip.exe"
    1⤵
      PID:816
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3392 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3164
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3768 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2568
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3992

    Network

    MITRE ATT&CK Matrix (ATT&CK v6)

      • Defense Evasion: Modify Registry (T1112), 1 signature

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_811E966590408029163D674CAE049A9C
      MD5

      e8bb94fcd73c323b42df39277ccf7e15

      SHA1

      928222f9e6566248e81f6aa2b2ee7853db328ed4

      SHA256

      99eaf4e140835c104fd9ae2896b9ceef5a34f68e78eeaf6a143c1b8373972658

      SHA512

      d074d2016fa17237116cc75a180687556aae050512329ddaa13ac3683b0d4393fa9c08785c2c06f80a724d315aceeaa98fcd7f619e5c8eacf3bf980c52330f42

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
      MD5

      4c03bb90ac509156a3df0974bec5b22f

      SHA1

      c1c968e070a001e62c29481ecf1578937bd560d3

      SHA256

      09008a563d92f2ac76097f42704a906259ce9d70895e00ae1cbf1fbb0d3a62e2

      SHA512

      ab8232d46e184320ec9628adfc2cb4916c08f87ebc3ac408f1af2676c94f96814c6cbfd67effc6dab4addab610e1014980231dd5a8b9cc0a8654f943a84dda37

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_811E966590408029163D674CAE049A9C
      MD5

      5ba51a0060c019e66c8d9dabb754c908

      SHA1

      e58a3789d47df625673b8c2db8eb355893d44ccb

      SHA256

      eb8afcde4f254de275e460cc4835664bcdc7c7b21b07574c35416e21d6e88f36

      SHA512

      5506b3ea39e8cff73cab10652d368905a882f1febd9c792636b2aa6be0b19a2000703545c8b83575444e7ca56c4b7fd337108abbea614c45e26b5aaff1ec7582

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
      MD5

      4eae5ba4d97cdaaece4206a76fa22222

      SHA1

      0c29b84eea76e9f33f98516f88a1c8bda549894e

      SHA256

      76f81e1b7553216ade11d5aa630f333a2313a4377f01d95e643479f3d4411c89

      SHA512

      9d4c6ca715e56d4bbfdaf845bfadab15557511e7631493a65ca528588eb0545c0664d87360c5a883681ebe6b352dda7dcca3a9d78c402452d0b6417a212867bc

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ygi6rqc\imagestore.dat
      MD5

      09c712cc34b002421eab819de8ca8e73

      SHA1

      3b6e5689f7d859d961ff130e732d5cbfaaf7b675

      SHA256

      a7e4315472642f063abc70ea8a80bc158e331dd42a0f39ccda8851247ba74e74

      SHA512

      9cbce09913b12392d93b7553e8de535155e875d4281ac2a3255c19f337386c7e77170caf1f817e6f68f2ab5ed086e63081b4ad6e38e9d53dd5a240137723a8e8

    • memory/816-2-0x00000000053A1000-0x00000000053A2000-memory.dmp
      Filesize

      4KB

    • memory/816-3-0x0000000005490000-0x0000000005491000-memory.dmp
      Filesize

      4KB

    • memory/1344-10-0x0000000000000000-mapping.dmp
    • memory/2568-5-0x0000000000000000-mapping.dmp
    • memory/3164-4-0x0000000000000000-mapping.dmp
    • memory/3992-12-0x0000000000000000-mapping.dmp
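Added example (not part of the sandbox report, and not Triage's or the malware's code): a small Python helper that turns the file IoCs on this page into a directory hash scan and decodes the memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp names listed above into PID, dump index and region size, which is how the 4KB figures for PID 816 can be checked. Assumptions: the dump-name layout is inferred from the entries on this page, not from any documented format; the hash table deliberately contains only the submitted sample and imagestore.dat, because the CryptnetUrlCache files are CryptoAPI CRL/OCSP cache entries written by ordinary Windows certificate revocation checks and are not indicators on their own. The temp file used by demo_scan is constructed for the example.

```python
"""Hash-match and dump-range helpers built from the IoCs listed in the report above."""
import hashlib
import re
import tempfile
from pathlib import Path

# SHA-256 values copied from the report: the submitted sample and the imagestore.dat
# that Internet Explorer wrote during the run. The CryptnetUrlCache entries are left
# out on purpose: they are CryptoAPI CRL/OCSP cache files produced by normal Windows
# certificate checks and would match on clean hosts as well.
REPORT_SHA256 = {
    "dddf5829a3bdcb2b6562eb194a138f8de5da26eb5dda0bbfacbbf1124ad51ec6":
        "DSC_Canon_23.12.2020.zip.exe (submitted sample)",
    "a7e4315472642f063abc70ea8a80bc158e331dd42a0f39ccda8851247ba74e74":
        "imagestore.dat (written by IE during the run)",
}

# Naming pattern inferred from the dump entries on this page (an assumption, not a
# documented format): memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp for a dumped
# region and memory/<pid>-<n>-0x<addr>-mapping.dmp for a mapping record.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>memory|mapping)\.dmp$"
)


def parse_dump_name(name: str) -> dict:
    """Split a dump file name into PID, dump index, kind and address range."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised dump name: {name!r}")
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None
    return {
        "pid": int(m["pid"]),
        "index": int(m["idx"]),
        "kind": m["kind"],
        "start": start,
        "end": end,
        # 0x53A2000 - 0x53A1000 = 0x1000, the 4KB the report shows for PID 816
        "size": (end - start) if end is not None else 0,
    }


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large files never need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_directory(root, known=None) -> list:
    """Return [(path, label)] for every regular file under root whose SHA-256 is in known."""
    known = REPORT_SHA256 if known is None else known
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            digest = sha256_file(path)
        except OSError:
            continue  # locked or unreadable files are skipped rather than aborting the scan
        if digest in known:
            hits.append((str(path), known[digest]))
    return hits


def demo_scan() -> list:
    """Self-contained check: write a constructed file, then find it by its own hash."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed.bin"
        sample.write_bytes(b"constructed sample content, not a real artifact\n")
        known = {sha256_file(sample): "constructed test file"}
        return scan_directory(tmp, known)


if __name__ == "__main__":
    for entry in ("memory/816-2-0x00000000053A1000-0x00000000053A2000-memory.dmp",
                  "memory/1344-10-0x0000000000000000-mapping.dmp"):
        print(entry, parse_dump_name(entry))
    print(demo_scan())
```

To use it on a real case, point scan_directory at a mounted disk image or a user profile directory. The report also gives MD5 and SHA-1 values; they can be added to a similar table, but SHA-256 is the one to key on, and any CryptnetUrlCache hash should be treated as context about certificate checks during the run rather than as a detection.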