Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

156067704a...18.exe

windows7-x64

10

156067704a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    156067704a567f44a3bdeac98db99e69_JaffaCakes118.exe

  • Size

    618KB

  • MD5

    156067704a567f44a3bdeac98db99e69

  • SHA1

    2167556a853480a6cccdb066dba8c7f453ed2100

  • SHA256

    67d0374ccba4a4a176332496433359a3ba3a80cd5879c346776e4afdeed68bbe

  • SHA512

    495592630ae1adfc905e4ad00a67b7f11de1e2a13636239297aaceb83b859ea576b1fd32659cad781371906983b049760284f84fc4d94de736f0add7611f9df8

  • SSDEEP

    6144:ZFApUH6tEtEtEtEtEtEtEtEtEtEtzeMnMrvwgLdbxAfYAK7zf:2eeeeeeeeeezqrxLYfY9z

Score
10/10
gozi90020242bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300900

Extracted

Family

gozi

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build

    300900

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\156067704a567f44a3bdeac98db99e69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\156067704a567f44a3bdeac98db99e69_JaffaCakes118.exe"
    1⤵
      PID:2292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2376
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1048
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1048 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1288
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a10ef33cf77c9191bf3b42560beaf5d1

      SHA1

      0b2dcf59b6d061badc25f5f48d1156a8c0dafd28

      SHA256

      d187b88e24f96ad94d53612e3f199c0fc8fddd93c901e1d579c4194164ac9bca

      SHA512

      cfd8a637d61d2fc0a26c6e979c84a3132e47bd4642f9ab71c7c02d2293e0cf611d89bb10935d6ecc68c1d058cf8dcac9fc0a6449874b2791d49861b58aa7625f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d0ca602a6d40c4301b56c60ab70c5743

      SHA1

      0f3c0da6b489aa6e4f4b9115ccb5da44994cffa4

      SHA256

      22c531287f354c34cc01b5b5e0566a4073203e46b42a4e66294b33b725682d56

      SHA512

      23da35b7807c249f137c7213eda81c5b06873ab375132bebccb91494acbbd5c938b4345955cd16ef5366b914fc0d1d991328ff035de603fdf6d206021b7bfab9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9aac255d59fae012b0371e903a272bed

      SHA1

      fd474cfe2c5af7b07d668a20fe56e23de0b55702

      SHA256

      c97819bfb17d1c1f9cb90a5d0f15698352c5fafa672f3290f1441e77111c0694

      SHA512

      2dac610c376312fe2b628d1879535a50162fee9d41565e1901a3b8273f5ff9ff9f833b718dac29b6119595441af1b17f22a99aef058301b973cfe6c1b8628266

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2f8bde930b002800a40b1fe398cbb878

      SHA1

      e5c4df149e2233b0d330c94da506dc1163b69d03

      SHA256

      5b0908d4a6e8ddcf1d6fbd49663fb2f1334264cab0c5945c128f45b728dcce3f

      SHA512

      1626e8c110f970181853694a0899a45b4e45e4631c1d5560999f5b56d39a3d9a68934300b14b94819f3cfbe07f6f63d20cc425e9bbfad001b6c62e0b6a6d5fb7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6e529615d4bcbd313c6ab90690dd43ab

      SHA1

      5c9c7e79d45eeb4e16ccdfc2690ba8eaf5990f72

      SHA256

      53efac908f72ba87ca21f5419eb7f49d8d4e5433b56319e92880026ba1f9a0b1

      SHA512

      21025e12b35ad65aaaac9f9c12ffb8c01e7af2fd9bb78edd04e7af5136c63f3ff865f51a4b9e030af03be11ed9ccb596c06ce3364d744262b5e4925d65f1941c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4c4aa162dd2c3e9e2eaedf7291b4015b

      SHA1

      2bceea01f8b3f4321e1951f5961d65ba8be9d530

      SHA256

      1dbd8a947efd955709eca1cc8c8ba45a31f492f8e05fb804dcc91a78174825c5

      SHA512

      9d6898bba19d6fe20ef538151834207893800f1b51e01a072e4de0446962780ec2d3b7a38f767f4b36cf3bc520b9546640d7beb5bb0d7ff5eb3a1e9c8a3ac4d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9262202443e91dc8f72d9444a838744e

      SHA1

      aea308cbead878150322e818a1dc92ae94470640

      SHA256

      5b3acbaa469cdb83aa6c935f1cfc3ce41d61a61e627dd637570f22a9ce9cdde5

      SHA512

      557ed6e2810edc8cce673a6db3d0eb004683916caf75ade05c0c6c998b88a3e7e87c66ecb8f7e082e735d57cf5e5bc3fb460cedb2f7bafa8926ca6135cf87b96

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8cd6d87c8f01edd0e38a20f1cd3cf50f

      SHA1

      d4f42c6842e1f2f94a861244516f6cd91134ee54

      SHA256

      a58dd80e7703645faaa35788b1f103e98a7f7050269747b65fac30d276c4f28c

      SHA512

      d5e427fc09ff11c7ba68437ea60b20811c1d8c0a3a0d6f117723deb530df37b0d3150b5be2ff5c2bc92907039f13508436bbf3812ffd9098217820f25c178f47

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f4fb920ee6e8e19a89040cf58673c294

      SHA1

      b501be93a61a67a7c599a61a662dfc332ab10694

      SHA256

      4ce81e650582dd6128b0aa2bd25befab8609798ca24a29bccddbabb3ed5d9603

      SHA512

      1f86e33d2e3bd8e03e30f7f62b583e4743f7b4b5153370878137a9e60267f9f216a2bb3d02d8a60393978671156ab21a461ee51c79cdc7f473308dafb1a51244

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabDDE4.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarDED5.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF81A21D6A0A920B13.TMP
      Filesize

      16KB

      MD5

      9202ea14b3b6e83b685385d2c24c41ab

      SHA1

      393db0e90353ba55e26243d2f0c174a94fc30227

      SHA256

      970c3f7d35de05fad911ad88d3fa0bb974d0c29ba7f2fe77c9b469f85757df08

      SHA512

      c836a243612478f39263669097075dcfbfec1780cf6f583910ebff7842b82b80743b64405f481b20a042279b0826b3eb712242867c14beea6ac88c23a6d15036

      Download Submit

    • memory/2292-9-0x0000000000400000-0x000000000049B000-memory.dmp

      Filesize

      620KB

      Download

    • memory/2292-371-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2292-0-0x0000000000220000-0x0000000000248000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2292-1-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2292-2-0x0000000000280000-0x0000000000296000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2292-8-0x0000000000350000-0x0000000000352000-memory.dmp

      Filesize

      8KB

      Download