Overview

overview

10

Static

static

3

d792dabb71...50.exe

windows7-x64

10

d792dabb71...50.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d792dabb7157f376a349132ff6e74d50.exe

  • Size

    203KB

  • MD5

    d792dabb7157f376a349132ff6e74d50

  • SHA1

    dfc32566ca8469332519cf2bd0d913fdb3ceb699

  • SHA256

    3015f526fa6de20c4203ea89b26a067ae768b78e04ba373da8de33cf50494fb2

  • SHA512

    1160bd6fcc6715ed374c9b4e663c72bdc3fb3ec032c80cc159c8d02d700f8d8c9ee4be1975a92a8197f3cb5e7d49209195fc675c6d08a5d39622d3f7cf047cab

  • SSDEEP

    3072:6gji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:66dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d792dabb7157f376a349132ff6e74d50.exe
    "C:\Users\Admin\AppData\Local\Temp\d792dabb7157f376a349132ff6e74d50.exe"
    1⤵
      PID:2784
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1512

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      efa3e4611e08ad22f592f9d72df33c0a

      SHA1

      bb3d0e94ec11cf7081885ce94e94792a5a727515

      SHA256

      0ba494810e6a4e8b7394507fc1de56639ff16c18504cea9da9ca8154078617d8

      SHA512

      ecffcd0b523805132ecebd1c9a06bc57d103a889043ee239cd437242f35dc8148e1f8ecd3bbe203ee60715b00584596ea48e957e92689915331311a3946a196a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ee501c129c593c7df2c5f4444ab06525

      SHA1

      9988bf93ee34f54aa4ecf68d3615b8ff1133b071

      SHA256

      5069dd0e6b9377d35c9ecd545c24cd9d15e5b09e113ebcdb1d004d8e29e0b3ff

      SHA512

      9cf1cd897305954a070a2ab065e7e01626aca0107e15a522b089c93dbb972775bf1940ca9d3d02ffebea984b4af22bdb068a92920bf0482721cd2f4918085ca8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c5a3919e768108dbddf8e1bd5fd274b

      SHA1

      80181a7e5e16d764e7d216e9ee6381565c6ce2bf

      SHA256

      f95c671f454ffa6535a3416e70463d09755fa52e6a71054bdd06bdef780685b0

      SHA512

      1acf5fa03ba11cf46cc5db6ce3e1a27bd83d395134f9d1e89ccba6fd062989bad5aff1017e2a604cd16527eaf194751b9367826fce32d240bcc89c80ad96e12d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      80f1a0abd95f6878ed48fae98b83a97b

      SHA1

      6b15caa50232bbf8fe8b3fbe08c386bc71273c53

      SHA256

      c6999645981167ba60661f08a11354a7580edce2d8de2ade9b83ab907b8264f9

      SHA512

      fa3f6672bbce229bb54af52cbe00cb441618ebf993a04a36ae06b5b683df5556bb216355555e350223a3222ae1e3de1f674fb314beeb7e2eca44c3affd196ef5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      636b94359453fcd90e53bae46b01c837

      SHA1

      e8db2fc75071a1f72e758e7eeecf1e0d1caba6db

      SHA256

      e855e83281d52f032d725be992ae3f746edd1da947e151fdde7b1304e48ff185

      SHA512

      4908b241a14f97b6a6640f9eebeeb30a41dd5cf0ced3cae8f1dca9f5f643b833d74b7645795dae97fd2c2ae80ffb9224ed0035d1b496a83b609e20f4f03a4ea1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ae6115810d76d760b5d4b8304672bece

      SHA1

      b6f7db462c412f5e09c1fa062b20f6e99756efd7

      SHA256

      6e0149eb5f53225916cc39dd14fd0f617d648b02e917e377d853a2fd84739701

      SHA512

      61a17ebb130a602415fbf2fb204262faf82ebb71d488d42a3db44e0deff63c23eed288263922e1d8cd7abc93487b9d62470a3798d7ac1c77f449e60106ad0b8a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      001ff0648fcef4c4f9aa701fafc09273

      SHA1

      6231f1e3a4307629570eb330bb861a3e0c342735

      SHA256

      ee1635c503714c46ba1227303719c4e1643e4aa51c6d549dfbebda004a52007b

      SHA512

      ca559dd493166c6ce1fe78093878024a5cb7f2c5cafef4b13f87e38447aec34d9424d1f6c6cd09ed704f231ce08ddcfd19ea9de7b0d8aaef609e9010785024ea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ec27bca94d9ce82a7773f12463232297

      SHA1

      43ecb1697c8e99aaa89258e32aeb3a6351cf46e9

      SHA256

      32f229770f452efb3f9a10aaf37166ccbbd4a1ab10592f3ff8e33d1c4313cd20

      SHA512

      c77e5c0f9cf389e31897449d3931ea2bb6ca4081c77bb66ccd3bb9974f55e8fafc2023fdb716eb7bea1146272657ddcadf0d89b3be070a27922c1a4485052d96

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1f576aede68199c560bf08b8892d8a4c

      SHA1

      f6680617e5a5c4b74fb71296a074c675961aee34

      SHA256

      9c63197f173c9a8a3cd84e00275f15021be3416a2833d8885e1c79abbb8a78ce

      SHA512

      4de8698e48cdf0f902c8038d5773cff8e781035002cf86d750a69f95dd174aa7dc663f95cc228c3af52559660f672c787f2209d8424434c5541e45c70165e7e9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4e22a21fd7ca1679dac7a08d5a975e51

      SHA1

      b3301871d1db81c2e070c496b713ab9e8e45dae8

      SHA256

      4e7d21e83b4c511e35e9ca8585b222826aa503e2138a753ae1cebcd0469d86e7

      SHA512

      6cd4fe37c1044d1ea08ebd98120cbe0117eed1091a5cbf1b11ad3df8e474193f5bd13418df77bc051713040e17329c382796df5b57eb85cf74300b861cbc94b6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      43e276e4ba934821fe28dbb04ec1f1c3

      SHA1

      4dfe39bfe350be90f46fcf2ce34a3919d8ecc85a

      SHA256

      12e11368c54fd2ab42b4020b0b530ddb12bb76f767e62850b5812ce6a81ec8cc

      SHA512

      6a4ebf49bbbc336b1044cc166e28f29c0e92c063bc2940ab952a244f90daffbb667a9ff5b3e854315f9cb9a6993b6056903f272c69983f698c816bd85e5388ee

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      c2c5b4f5ec32e0409e9318152b98fc5f

      SHA1

      c09316b33f6d11e1c1dc9520afce84e0d30c165e

      SHA256

      335fa0a07d34e55b3c6cb66b87ece3153e80d043be47b7bdc8f855b9ccfad069

      SHA512

      75dff28a79fe1bde61d4bfad1aac3b01dfcabeff233407d9d1290a92255bc7d0419404a80ee27af8ebbff836ab631bc0dd7939bbb7ee777a5c458058e102fa8b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      43b35704f51f4ebfe2321b6c8e623fb3

      SHA1

      e5aab81b7035fa50691997c35d8b32d1e2db1869

      SHA256

      6a48226a47abe525f802db81f236363d6c904d856f35bbcfd919eb1b068f40ee

      SHA512

      91a6800c03d956cf43345bd169a797bb1f51a0b325dd8aaee70aeea3a7c0697a40f0a41ecb0fab0044d4a9327109ab1f993a2f7bb8bfa706e7fe5c2541d8772c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      87c5b702a911563da5150abcfc24360f

      SHA1

      67b5d48fd2b63f30f00f34f8dbadf7aca84b615b

      SHA256

      78b84d132521bf5f4be35a6067e704e5897c7fa53390268d331a7c5ae9b2206c

      SHA512

      6c45845838d0b0b0d3068233c0114be7600b606d795eec103664dbd6f5b485ba5499259810874d8c4e0e3d5c4749c018f87269cf2a6f9b10e903c2744f8f8fb4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      ab6ead7fd4a7937da1fde5d07af8bc51

      SHA1

      c811fcd9a0805f736214d6d72887e1d904d757cb

      SHA256

      e1d2f53e9778f18a55a770b1d7cc106e9bd3ff38c1d6a712962e6332c9e1cfe6

      SHA512

      0622147a87d5939837d6e6cbe1fe42b6b9dd048e69d78c5e2059ff97db81fcf83ed7ac8783faf8ebc5f8da73e4b91b3290f3fc88abf4c588e91f2ea1e4947445

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      e6cab769a5622b89f1930e9c256f756d

      SHA1

      70ec3ad7f62c1401217f41da19081ab8f4297c1b

      SHA256

      aa870d16582a5aa407dab4de13483e1eda7028f43fcbd129555feb635d32beaa

      SHA512

      16beda825871531f656ee512fbba55ad53417bcce391864c989374116ec864e9fbe99cd8989a57cf8385456c18e4301cb43d922783e59f2c415eb4209f5fc87a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      00392ac91b5488451650cb28b9f290ec

      SHA1

      b1f7269abf68f2fd3018907afa08ede8478327cc

      SHA256

      e4ea01b7fe13b86afc738af0a23c39f32b2b46facb14cbf73403b34da0e1ec6e

      SHA512

      307b6743e559220cb19db151ab59d78bcc68b57ba36c253afa06dcf366c5a118efb8ca371317c240c3cb4ec0f7c1f34166dec607a2a616157839b7d9f2ac6da3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      58736ddbc4a5b4e067ee11df033e4cd2

      SHA1

      a331a6a484651bce121ac8c7f8b90df96f494a9a

      SHA256

      5fff24d17d6d7798d10a634028c755b88bd58b587bb147208c06058de2392511

      SHA512

      58d120834cf39456bb489aa65cfc0cb243d09a9e05a4e69ef9fc1a322f9fb114e34fb3be06690cdc42de0c0057e2aee85bd9cee244f47a5768eeb5827ed56825

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      18de5e020f323154ac13854f4f512ec5

      SHA1

      966843d75dcb022770c0f580153a3c134493b4dc

      SHA256

      1c1bebcc683312a76fd746379e004f2217cac5e8d38e077b1bf7984a22f5732a

      SHA512

      4a9c42bd3a2f17bf93b74720eff220fa905eca4554030711cb3faeefd701abc7154575e5bdadd21afd0d9207b47fdd6c752e971fc24ad0f22355d3674ee86579

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      33bc2e63508c24f2af245c0e3914243a

      SHA1

      c3b5ae961354ae9cbfc9ff232f73729ca68fce00

      SHA256

      25783e0898836d5bdff8207792f355bab42bf8169c6fea58e8c4afe67c1271e2

      SHA512

      00e53d6e24a4a59a0b1d05a7a126268eef9821b97657b2add9e97e7e190a50d89b58359f1ee9f76321a32412ae1fc287449a718c1f31dc5dfe50cb71e73d9e56

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      0832fddcb677bcb8bf0272cd8a03d2ce

      SHA1

      e72dafb1cf14cf5552179c479cd438cd25aaa430

      SHA256

      8d5ebc4c7246ac7558823e890988efeec9f0e1ea93b6ecbc1874d14c8cacbfdd

      SHA512

      03263d319d76e44f90e0cc2c9a33d18ad4f9b890651fccdbd83819ebefe0c43ba255aff3a9d74e4cd35548d14667c624694c4c1145018f1050436d3b1b0ef6db

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar5AA3.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/2784-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2784-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2784-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2784-3-0x0000000000020000-0x0000000000021000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2784-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2784-8-0x0000000000440000-0x0000000000442000-memory.dmp
      Filesize

      8KB

      Download