Overview

overview

10

Static

static

3

6dda626b8e...1d.dll

windows7-x64

10

6dda626b8e...1d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2023, 14:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6dda626b8ecf2e68f2f57328a0ddfdf4297ec10f7a706574c69387fd9e136e1d.dll

  • Size

    222KB

  • MD5

    751c24642e4d160c3bddd3b007823f7b

  • SHA1

    c8c2b1e3b8ebcb868d80878e6ccfaa50d5f164b5

  • SHA256

    6dda626b8ecf2e68f2f57328a0ddfdf4297ec10f7a706574c69387fd9e136e1d

  • SHA512

    dbced184573f4c78099f8913feab796fa55381315dca9173d572841dae046d7d8afb7fab578c1ca1d85a38236e488944f0b6428787e503551b895f4f877f9e48

  • SSDEEP

    6144:lug7uSfrq53f/naaLgXwVoVXt+3HRzVOf:L3fe53naaLgXw6FIh2

Score
10/10
gozi7244bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7244

C2

web.vortex.data.microsoft.com

ocsp.sca1b.amazontrust.com

gstatici.com
Attributes
  • build

    250167

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6dda626b8ecf2e68f2f57328a0ddfdf4297ec10f7a706574c69387fd9e136e1d.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\6dda626b8ecf2e68f2f57328a0ddfdf4297ec10f7a706574c69387fd9e136e1d.dll
      2⤵
        PID:2800
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:240
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:240 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1488
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:884
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2856

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            1a71fa7322abd3f3b3a8837513c11c70

            SHA1

            318bb79484c3fa2d7bf98246c86a126c2997a936

            SHA256

            f49c7f798b47602e732005f40a206bf7990c691f9258abbc74880d2f35b0748c

            SHA512

            c5b81c4f01bb89af808521ee62492c9db265634c096a2d3d7ad64d341bd1ede54ac56ed6988e3a05b50c45b0b574e59222a700f6b412025e26d36ff4d3743a4a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            02878eeeebd153b2fb3c11c9f9f0b2af

            SHA1

            3ff44effccab5d8a47ad7058b52f40c0ebba4a44

            SHA256

            201f8506b56994fed4af14ba176c1e7a4072c8d958e8bf9238f65e6a287061bc

            SHA512

            7f84a6283f1d6ebb4c6f7bd6f87112ac60d4d6b3579047f5bd42b104f676c1a6267f48091e472ec00c95c0eb1df3e2a3a4d09712b2af2f3a2a3057d80e2126fd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            cd3e375abdbcb6953a4142d7d41e2fb4

            SHA1

            efd78dc73511b16baabb56b15a83cbbee1a2278c

            SHA256

            a29328037b9d5a43a31c231e454a983bb72fc5c868a45fc4f3a0bd9a2f6115a4

            SHA512

            0554b14ac33e9616462e5a808fc972acc3c2b589a54895d16e70b1f0ef47548e1952db972884305402a1628e41db2a3481a74da27c37ab4626142ac09702e205

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b4684395a45893a8770168ac7b76fc16

            SHA1

            b2d6ad286c01b9de84e8a9b86602e6530b79a0f0

            SHA256

            335035dbc0a1e067da5a50710b9dae8b4dbc6c9b764bbf8405426e54043b6885

            SHA512

            e0df7ec8ed19f5f37710ede3e6e71dac1c75f78b3a707e6e6ea736694343397c56f6817372bdd505638dd788de8f9f8a033a36c49773676b43ba62a694a603ad

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d69b6376d17e9f2a4d416b7d7c5ab918

            SHA1

            bec2b18c9f5c3219a8d792f4a56e1fa27dea9e66

            SHA256

            359fb0abbb2f8031bc47e31672ae367ab03d19dd0692c879ababfdfbc7283057

            SHA512

            eb91e93fd4d183e3ab2d50ac68a925949f802c431cd455dcba76d05aff80983511b1a480e7be7317ca1d1cabd94019d190589a135219279216b14cfb340d27cc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            598fb5192dabf00e6dc9b460f9fbb133

            SHA1

            89ae8ce4ab612e3a306d9a9c1d452ad6601c45b6

            SHA256

            e1b7d6fd947cccf09c402bd0baec0e5149edfecf5fe5940b17ebd28fe7d65258

            SHA512

            0d6bd6160b43adcf02c97bece8f2e2b847ed83cd6860fcc1c73a6d9ac55996f4036f526ecb7e82e593cdb048eeca410472b5a6d65b2703bd7edde7b11b746bff

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e7dddde5dd8c5dbe5f8f7e82b4f61f78

            SHA1

            3a537d64427e80abcd47fbf1dfa03819d76fe93d

            SHA256

            2ec232b18593a976dea56d9d1cb17d6b31195d0eb2a376eb3b2a3c0980a3ce1a

            SHA512

            d433a96ed0ca6dc4d028e148eaee96f1999c8010424b49647182153c139184a42c8e294f1b2dcbb8bbabc3fbf03886aad4f852fa752949f21420b56b97af77d3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b0ef338a8ff078473a3eb225892fef57

            SHA1

            46b6ef9ee06204ec6df2537ab5c397256c885b87

            SHA256

            f947c6386e31197d56f972bb4216c17c7cb5b944904140ba7ba08ccd7d398fd5

            SHA512

            f19de3854cfb98a7b5900fae5f4b093ef72500920c2559bfe8904c8ee2c28999af4ce9f5f2d654ae61344226e497b86721b9f8ac6e2c050ce587d77580163e9c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            9cdfeaf591791497d530ece2e71b2a90

            SHA1

            d0b8eed81c5900733bb7ee02e5c3a63d3aaf8fcc

            SHA256

            5df58221366013d29a81292c78fbb463f4709ecf9b49b374f7aacbe2abaf778b

            SHA512

            4e5a03ebd8423f72799211f4db722a0d1befc3f5ace2378dc2b685181355f272b95449102853623bfa39b19498987ff0970f1cb3797cd847881516361be886ef

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e49a4f8fe3af99344431503caea8ccc6

            SHA1

            b2151c66633df5166487d03e76e3abf6661d873b

            SHA256

            f8d8c7b9b1a8ffc88cfd867ecdd1b1006cbe00f2c5ffa36813a66ab21c3fab26

            SHA512

            a5d804149fccad9807165bf732dca7539ebb2c27d9d4e759afd28e0b65d28635f1ba0887725510dbade48c98ffe2bce41c9b1ee73e2f223721ec1c0c99846bc0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabD9FD.tmp
            Filesize

            62KB

            MD5

            3ac860860707baaf32469fa7cc7c0192

            SHA1

            c33c2acdaba0e6fa41fd2f00f186804722477639

            SHA256

            d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

            SHA512

            d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabDB76.tmp
            Filesize

            61KB

            MD5

            f3441b8572aae8801c04f3060b550443

            SHA1

            4ef0a35436125d6821831ef36c28ffaf196cda15

            SHA256

            6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

            SHA512

            5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarDBA9.tmp
            Filesize

            163KB

            MD5

            9441737383d21192400eca82fda910ec

            SHA1

            725e0d606a4fc9ba44aa8ffde65bed15e65367e4

            SHA256

            bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

            SHA512

            7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\~DFE69DE5BDCFC905E2.TMP
            Filesize

            16KB

            MD5

            d7a7e1f7e9f16cdff04d89fdad3ecde1

            SHA1

            b9c90c1af85139748999e2efdd43a1faa6352f48

            SHA256

            dccfe795d6e2761b5a9453791964a1eb5591c47aec1876522ec6c22f4babd8fa

            SHA512

            c2c33a107a00ae46db5bc95b79d625e17bc7ee0d7f36fc1d2bb1b8af5f0c0ca4e067eb7cfbb5e9a1824857b749bdde1c5325ac42de2e35630e90438b0747c586

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7FT11YZB.txt
            Filesize

            170B

            MD5

            a9005f6e806bcfc6f2c409117a727418

            SHA1

            0870680fa2e67c2df49eba48a25565a0230f1523

            SHA256

            5f323b6148b41d0123977065b2596338513dfadeb15a94397f6309ff7b3bddec

            SHA512

            37c315d9d84de8a83ce08f6e5ce231d61e0629d540eab8a52a7565a6abc0d01c6fae78823761dc96b2ea45b79858f1bce3396d8ce5f7dfc877f00773b0edd413

            Download Submit

          • memory/2800-0-0x00000000001B0000-0x000000000021C000-memory.dmp

            Filesize

            432KB

            Download

          • memory/2800-14-0x00000000001B0000-0x000000000021C000-memory.dmp

            Filesize

            432KB

            Download

          • memory/2800-6-0x0000000000670000-0x0000000000672000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2800-3-0x0000000000620000-0x0000000000630000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2800-1-0x00000000001B0000-0x000000000021C000-memory.dmp

            Filesize

            432KB

            Download