gozi | 94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94.exe
Size

288KB
MD5

35eb15db22e26d961d4151afeedbe67a
SHA1

754923d156367f31bdd67a990c36d517f54f8c95
SHA256

94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f
SHA512

11e036654d7361ed7ce94529569faaac196a647316509618f400f2819a45b09d2e0c35f34bb3e7356c6f747d9297671177c4439664de631d540ffe3fc29d0bc2
SSDEEP

6144:5QCAmQFgNUpGijhKHGke/TaHUMhn0RM6BfKuTtmaJepw9Eg9o6r:uCAmQFgqRhKM/ninLgfKuTkkXEg9oQ

Score

10^/10

gozi 4780 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214084

Extracted

Family

gozi

Botnet

4780

microsoft.com

avast.com

Attributes

build
214084
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1160823804"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\avast.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "17"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DOMStorage\avast.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04c8b7405b1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d045e45405b1da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000812b54a60b2e6a4492e5ea1c65b0ff7200000000020000000000106600000001000020000000ac0bfb8613325d7ad4184881543bfbdc076e44c9321884bf6dba01585ee1274a000000000e80000000020000200000001ab7f915ef1dc07f745a92b1288061695e1b4df86bb5720e89f01bda9ded0eeb2000000034f25864413cbfdcf2294a1bc4fb457001655b51b0b67e8e3d9c667d71e33da440000000dcd3fbd69d6d5aa5db5605d5d1f14dfe727fdfb0d568b479624961b978696280444d84359d34fc03413564b0263b776b3e0a8fb28cddeae70fddc588dd6cc999	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31109381"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.avast.com\ = "17"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\avast.com\Total = "17"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000812b54a60b2e6a4492e5ea1c65b0ff720000000002000000000010660000000100002000000088d438724b9db4914d5bf656b2ec99b6afc82c8aef629c8af49f2577d0c4b99e000000000e800000000200002000000081904347523874bbb48e911678752240f3bd7bd3f309aee1a90a6792886456e0200000001431c946d935987bae134783bc56dda2fe8aa057579a560a522d47ac45ab48c24000000033e81c961e9b6a6264377f7d6a1b46ac4bc5f5614f3b19c6d7577aeaa8e50d47ad718f4580b15306cb11be88b2fd978a441792842bd9e7ffa67892382c580e7f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\avast.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\avast.com\Total = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e048076505b1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8FDB3F4B-1CF8-11EF-B9F7-DA5F53B51256} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00439e6305b1da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000812b54a60b2e6a4492e5ea1c65b0ff7200000000020000000000106600000001000020000000d60a6d7bb5765888db54b4de0606e4a4af4c3b1269a961d914d575bd500acbd0000000000e800000000200002000000080bb7541d84251667c8255eb510db62859377d7fa5f6b08f544078154fc03c0920000000b26311f1aa03d7a0263f2858984bc5e74cea6cac3fad4ae16d650e095c48999e40000000126b3c36052ad5db647c657ff1f36696b47e4782058cc65e9b55838f62682cc80a731244ff50afe0c85de42f8c1bb1f887edf9e58e086909bb6cfe65599d5a17	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9012474c05b1da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000812b54a60b2e6a4492e5ea1c65b0ff7200000000020000000000106600000001000020000000224ec061ec1a7b30f21942fddd8ead5d99a18dcc859febba60f880ddc9d7e300000000000e8000000002000020000000c0a4fa112426238e18b7a549d672795c0a56682833a12c47aa5cec1c83266a2620000000b9481e84bfca9f2cc4f0f732ae94de5c9659e76b8ee360463a2ca90dcaeb920e40000000e84745cfdb4426a306304764e54ce8e64a1a372e6b35d0fc58a39830a3f7e38e0f30c7423fd655d26fc5a46c76efe4583a524f58cf40b4c9ec79f74843afb06c	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2332	iexplore.exe
2568	iexplore.exe
4572	iexplore.exe
880	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2332	iexplore.exe
2332	iexplore.exe
3348	IEXPLORE.EXE
3348	IEXPLORE.EXE
2568	iexplore.exe
2568	iexplore.exe
5000	IEXPLORE.EXE
5000	IEXPLORE.EXE
4572	iexplore.exe
4572	iexplore.exe
1604	IEXPLORE.EXE
1604	IEXPLORE.EXE
880	iexplore.exe
880	iexplore.exe
4920	IEXPLORE.EXE
4920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 3348	2332	iexplore.exe	102
PID 2332 wrote to memory of 3348	2332	iexplore.exe	102
PID 2332 wrote to memory of 3348	2332	iexplore.exe	102
PID 2568 wrote to memory of 5000	2568	iexplore.exe	105
PID 2568 wrote to memory of 5000	2568	iexplore.exe	105
PID 2568 wrote to memory of 5000	2568	iexplore.exe	105
PID 4572 wrote to memory of 1604	4572	iexplore.exe	107
PID 4572 wrote to memory of 1604	4572	iexplore.exe	107
PID 4572 wrote to memory of 1604	4572	iexplore.exe	107
PID 880 wrote to memory of 4920	880	iexplore.exe	109
PID 880 wrote to memory of 4920	880	iexplore.exe	109
PID 880 wrote to memory of 4920	880	iexplore.exe	109

C:\Users\Admin\AppData\Local\Temp\94.exe
"C:\Users\Admin\AppData\Local\Temp\94.exe"
1⤵
PID:1572

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:1624

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:4436

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:17410 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5000

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4572 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1604

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
c04af526ef1338b7a95090a096fb836f

SHA1
9872580735c19384b9eab5baf168e288862dd8aa

SHA256
3839653c6cf51672c67c89c5b565c5474aa031c98746cd89c5763995a61b3d30

SHA512
46c4c9d951074ff2fdda76283306e5ae12fe1829bb24ec8ed827785ff1967075c5da6cd21b447adf69e2af663b38cab5a478e54213f46e84a7f329c1eeebe40d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
8cd25250859d7286f43300397807a1a1

SHA1
37f1292575231f47d52035bf867b7c4530175dae

SHA256
170b4544cf5d2dbbaea9a4e779f2a2d764f451a962371c51287aff77f57126f0

SHA512
a34c2ca531683271a06afdefd3352e9852d3b9c630bcccadea32881ca842b71ed2ccb3d701d0a0adf733ea469e18276720e5bfc1cfa5fb6afa9d1d45e13d8f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
2871dee453b96277e243698d0f613b81

SHA1
70414e9430664fe1f4c32a7a72e11a34555440a3

SHA256
5fd2d245f69c579ae2ca68d0ee634e57b1659b9ba658fa517c2bdc8e38ce01e0

SHA512
f3945e8aa01c23e10855413418afd4aea461bf6ee441eeb11d283e2d3e8c17bc0fee45a1d250b2e1a68b4e43c01fe3ed93184017b0f71b59a45f9dd071b20ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
bdfbed7ea2d5e0fe1075394a50458f8c

SHA1
aefa25ecf9870daba48a31274c02747137158dd0

SHA256
e24cfc389d446f06799bbf7cea403e3b4e17980d20ae44c18bb7acef6e002b1f

SHA512
b766f0a9bca14b42690fb75b47f8b1931820ab4f8dd186f5881ead6469e3d38424571f5b5048be2d1f86b179a4716948935abe1c20de8edc3d080cf77abc0a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
fa393666a5cdcab1aaa6df1b47fb5114

SHA1
ab201e08d3b3f083e987beb382dedbf73846422e

SHA256
6dcda0215575032733088c480309932e94eadf6ab2c0b237c8c56bd2d633e586

SHA512
6cbc78b5819bef8fe19a211ba2b0e9be969bc13deef85abf452a7fdbf0c5108839075847d5dc80a0d3140b7cfc3b646a9e8bce4d6f874427d9422946914af5d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
9132ad97ca4f080d7ffe6dff406f6971

SHA1
49ae88cb35af0c7356e01b2b576c24fd1fc654aa

SHA256
c9be48bbbbb41743d76411a7af85e589f20ca6b100b0b144d9afc3a63329f092

SHA512
0a66a8152f74b6fde35118b4f5c4a9cd477f3e285d6b39ae9e8d97a4b2838463aad71c386342e72b5254c728ee90a783a26618baebd95bd8bac285d5ae111da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\j7c4o4u\imagestore.dat

Filesize
8KB

MD5
00e0408e59294d3c1512998400d8808c

SHA1
ed25389ddae271b92acb28407e5d73baa94bb61e

SHA256
49a1dba5f529d1eb36022f7d0a0a3de0ff871501d379391ef090bc35ebbc29ae

SHA512
83939239df316ee4a0f94f73193caec4243bc7b714788f676cf209edfa96266454e561276f8fc2e58ca9da581e06b5356dbf4ac7347c7b7fe3a3835371f182aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\j7c4o4u\imagestore.dat

Filesize
8KB

MD5
987a30c2fd11b32c9c51bf83080ed49a

SHA1
23579915557e6333345c78b33f3609c58891e4e1

SHA256
02103d19b5ff29986d85e761023c070d65693913e9ee402013cba2826d09ac37

SHA512
cbbdd72e0393665bbe01dfe3b5588bf940a2a8998e39e1e1898f1f5c8420691a634888fac2d0bbf00baebe98233bb4eda1ad6480ef36189b58778d4786e7cef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\MWFMDL2[1].ttf

Filesize
19KB

MD5
5410c5517f1bbeb51e2d0f43bc6b4309

SHA1
4adf2d3a889a8f9d71fac262297302086a4a03f4

SHA256
2f4e38662c0ff2fab3eb09dcb457cd0778501bffee4026f6b0d9364abb05db46

SHA512
e0ef3bca5cef4b6b69ce09fc5295e21a5d151912585ae80703139550bd222ef463cba856ea7f37e9d8bef21eebd7790e3a7d81d580469997a8708b11b00e61bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\jquery-1.9.1.min[1].js

Filesize
90KB

MD5
397754ba49e9e0cf4e7c190da78dda05

SHA1
ae49e56999d82802727455f0ba83b63acd90a22b

SHA256
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

SHA512
8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\2b-8e0ae6[1].js

Filesize
134KB

MD5
b9c3e4320db870036919f1ee117bda6e

SHA1
29b5a9066b5b1f1fe5afe7ee986e80a49e86606a

SHA256
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48

SHA512
a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\mwf-west-european-default.min[1].css

Filesize
550KB

MD5
12dd1e4d0485a80184b36d158018de81

SHA1
eb2594062e90e3dcd5127679f9c369d3bf39d61c

SHA256
a04b5b8b345e79987621008e6cc9bef2b684663f9a820a0c7460e727a2a4ddc3

SHA512
f3a92bf0c681e6d2198970f43b966abdf8ccbff3f9bd5136a1ca911747369c49f8c36c69a7e98e0f2aed3163d9d1c5d44efce67a178de479196845721219e12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\MWFMDL2[1].woff

Filesize
11KB

MD5
5ed659cf5fc777935283bbc8ae7cc19a

SHA1
a0490a2c4addd69a146a3b86c56722f89904b2f6

SHA256
31b8037945123706cb78d80d4d762695df8c0755e9f7412e9961953b375708ae

SHA512
fccbe358427808d44f5cdfcf1b0c5521c793716051a3777aafde84288ff531f3e68fbc2c2341bbfa7b495a31628eab221a1f2bd3b0d2cc9dd7c1d3508fde4a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\ca-ae3ce4[1].css

Filesize
167KB

MD5
b7af9fb8eb3f12d3baa37641537bedc2

SHA1
a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

SHA256
928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

SHA512
1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\favicon[1].ico

Filesize
7KB

MD5
be87fd81ff4e82e7ed57b0c8951c66d0

SHA1
4a918234d3225b585dffb7b6d587acb3fbb39618

SHA256
637b67152dba0b0b33c8aadb38ea7c86b7a12b37366c7183f898c36c222b04fd

SHA512
87ec908135335b4074d412b04188bf05d00f468400d2837ba2ca1c77440b6f2f15ba648f2a8f42b1301d77df54bf2a00e59416942807ccd90e36f59431638de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\wcp-consent[1].js

Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF677C526A9272B21A.TMP

Filesize
16KB

MD5
4a03dd935783b9632cd9e6dbec169c60

SHA1
26319fa1750b60efe794882262fdba4dcc0c27ca

SHA256
8e85f88d3f2bb28d243a2ef2c22c111c4af2e19ea0bfb6bda49c6e92f2b4a9af

SHA512
6f233aadc69ad34ac5b3085aa4abcfda2ef7788945d2239c04217a1e8230e16ccf3570dfc0840f7b01b14d4f77c1af3d71ba08d1af5abe68e5b74a92f4c48277

Download Submit
memory/1572-4-0x0000000001120000-0x000000000112F000-memory.dmp

Filesize
60KB

Download
memory/1572-1-0x0000000000745000-0x000000000074B000-memory.dmp

Filesize
24KB

Download
memory/1572-2-0x0000000000710000-0x000000000076F000-memory.dmp

Filesize
380KB

Download
memory/1572-0-0x0000000000710000-0x000000000076F000-memory.dmp

Filesize
380KB

Download
memory/1572-3-0x0000000000710000-0x000000000076F000-memory.dmp

Filesize
380KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads