Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Device/Har...97.exe

windows7-x64

10

Device/Har...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2023, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Device/HarddiskVolume4/Data/CTXProfiles/mtribenga/UPM_Profile/597.exe

  • Size

    520KB

  • MD5

    b32e9684b7b980d5e701f5d691e3db31

  • SHA1

    90eba241c5ec0ac472b180840f423a887401337c

  • SHA256

    f3f6b15265480c52e302f9f0b31ad6cc9051c16d16f1204bf78866e53c395896

  • SHA512

    8479ba8ada4c3d8b151fcd8395782ab5782df33dc76fc2e5bdd711842ad81242fed15f47110ae586124ac2530a1e926861f9f57487c7daf58e856874e0d33fc2

  • SSDEEP

    6144:DAVTFjFS3Q6fYnZy0EVHYNeSgTwl0lJgJ9vcl9CK:DEIQTZvs4NGT7goGK

Score
10/10
gozi3316bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    217173

Extracted

Family

gozi

Botnet

3316

C2

hbritneyyi.com

c55wccayla.info

vdorrisacleo.xyz
Attributes
  • build

    217173

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

Processes

  • C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\Data\CTXProfiles\mtribenga\UPM_Profile\597.exe
    "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\Data\CTXProfiles\mtribenga\UPM_Profile\597.exe"
    1⤵
      PID:1716

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1716-54-0x0000000000E60000-0x0000000000EEF000-memory.dmp

      Filesize

      572KB

      Download

    • memory/1716-55-0x0000000000E60000-0x0000000000EEF000-memory.dmp

      Filesize

      572KB

      Download

    • memory/1716-56-0x00000000001A0000-0x00000000001BB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1716-59-0x0000000000100000-0x0000000000101000-memory.dmp

      Filesize

      4KB

      Download