Overview

overview

10

Static

static

1

94.exe

windows7-x64

10

94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94.exe

  • Size

    288KB

  • MD5

    35eb15db22e26d961d4151afeedbe67a

  • SHA1

    754923d156367f31bdd67a990c36d517f54f8c95

  • SHA256

    94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f

  • SHA512

    11e036654d7361ed7ce94529569faaac196a647316509618f400f2819a45b09d2e0c35f34bb3e7356c6f747d9297671177c4439664de631d540ffe3fc29d0bc2

  • SSDEEP

    6144:5QCAmQFgNUpGijhKHGke/TaHUMhn0RM6BfKuTtmaJepw9Eg9o6r:uCAmQFgqRhKM/ninLgfKuTkkXEg9oQ

Score
10/10
gozi4780bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214084

Extracted

Family

gozi

Botnet

4780

C2

microsoft.com

avast.com
Attributes
  • build

    214084

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94.exe
    "C:\Users\Admin\AppData\Local\Temp\94.exe"
    1⤵
      PID:1572
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:1624
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2332
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3348
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4436
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2568
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:17410 /prefetch:2
            2⤵
            • Suspicious use of SetWindowsHookEx
            PID:5000
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4572
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4572 CREDAT:17410 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1604
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:880
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:17410 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4920

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          c04af526ef1338b7a95090a096fb836f

          SHA1

          9872580735c19384b9eab5baf168e288862dd8aa

          SHA256

          3839653c6cf51672c67c89c5b565c5474aa031c98746cd89c5763995a61b3d30

          SHA512

          46c4c9d951074ff2fdda76283306e5ae12fe1829bb24ec8ed827785ff1967075c5da6cd21b447adf69e2af663b38cab5a478e54213f46e84a7f329c1eeebe40d

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
          Filesize

          471B

          MD5

          8cd25250859d7286f43300397807a1a1

          SHA1

          37f1292575231f47d52035bf867b7c4530175dae

          SHA256

          170b4544cf5d2dbbaea9a4e779f2a2d764f451a962371c51287aff77f57126f0

          SHA512

          a34c2ca531683271a06afdefd3352e9852d3b9c630bcccadea32881ca842b71ed2ccb3d701d0a0adf733ea469e18276720e5bfc1cfa5fb6afa9d1d45e13d8f9f

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
          Filesize

          471B

          MD5

          2871dee453b96277e243698d0f613b81

          SHA1

          70414e9430664fe1f4c32a7a72e11a34555440a3

          SHA256

          5fd2d245f69c579ae2ca68d0ee634e57b1659b9ba658fa517c2bdc8e38ce01e0

          SHA512

          f3945e8aa01c23e10855413418afd4aea461bf6ee441eeb11d283e2d3e8c17bc0fee45a1d250b2e1a68b4e43c01fe3ed93184017b0f71b59a45f9dd071b20ee7

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          bdfbed7ea2d5e0fe1075394a50458f8c

          SHA1

          aefa25ecf9870daba48a31274c02747137158dd0

          SHA256

          e24cfc389d446f06799bbf7cea403e3b4e17980d20ae44c18bb7acef6e002b1f

          SHA512

          b766f0a9bca14b42690fb75b47f8b1931820ab4f8dd186f5881ead6469e3d38424571f5b5048be2d1f86b179a4716948935abe1c20de8edc3d080cf77abc0a96

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
          Filesize

          400B

          MD5

          fa393666a5cdcab1aaa6df1b47fb5114

          SHA1

          ab201e08d3b3f083e987beb382dedbf73846422e

          SHA256

          6dcda0215575032733088c480309932e94eadf6ab2c0b237c8c56bd2d633e586

          SHA512

          6cbc78b5819bef8fe19a211ba2b0e9be969bc13deef85abf452a7fdbf0c5108839075847d5dc80a0d3140b7cfc3b646a9e8bce4d6f874427d9422946914af5d5

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
          Filesize

          412B

          MD5

          9132ad97ca4f080d7ffe6dff406f6971

          SHA1

          49ae88cb35af0c7356e01b2b576c24fd1fc654aa

          SHA256

          c9be48bbbbb41743d76411a7af85e589f20ca6b100b0b144d9afc3a63329f092

          SHA512

          0a66a8152f74b6fde35118b4f5c4a9cd477f3e285d6b39ae9e8d97a4b2838463aad71c386342e72b5254c728ee90a783a26618baebd95bd8bac285d5ae111da5

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\j7c4o4u\imagestore.dat
          Filesize

          8KB

          MD5

          00e0408e59294d3c1512998400d8808c

          SHA1

          ed25389ddae271b92acb28407e5d73baa94bb61e

          SHA256

          49a1dba5f529d1eb36022f7d0a0a3de0ff871501d379391ef090bc35ebbc29ae

          SHA512

          83939239df316ee4a0f94f73193caec4243bc7b714788f676cf209edfa96266454e561276f8fc2e58ca9da581e06b5356dbf4ac7347c7b7fe3a3835371f182aa

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\j7c4o4u\imagestore.dat
          Filesize

          8KB

          MD5

          987a30c2fd11b32c9c51bf83080ed49a

          SHA1

          23579915557e6333345c78b33f3609c58891e4e1

          SHA256

          02103d19b5ff29986d85e761023c070d65693913e9ee402013cba2826d09ac37

          SHA512

          cbbdd72e0393665bbe01dfe3b5588bf940a2a8998e39e1e1898f1f5c8420691a634888fac2d0bbf00baebe98233bb4eda1ad6480ef36189b58778d4786e7cef4

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\MWFMDL2[1].ttf
          Filesize

          19KB

          MD5

          5410c5517f1bbeb51e2d0f43bc6b4309

          SHA1

          4adf2d3a889a8f9d71fac262297302086a4a03f4

          SHA256

          2f4e38662c0ff2fab3eb09dcb457cd0778501bffee4026f6b0d9364abb05db46

          SHA512

          e0ef3bca5cef4b6b69ce09fc5295e21a5d151912585ae80703139550bd222ef463cba856ea7f37e9d8bef21eebd7790e3a7d81d580469997a8708b11b00e61bd

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\jquery-1.9.1.min[1].js
          Filesize

          90KB

          MD5

          397754ba49e9e0cf4e7c190da78dda05

          SHA1

          ae49e56999d82802727455f0ba83b63acd90a22b

          SHA256

          c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

          SHA512

          8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\mwfmdl2-v3.54[1].woff
          Filesize

          25KB

          MD5

          d0263dc03be4c393a90bda733c57d6db

          SHA1

          8a032b6deab53a33234c735133b48518f8643b92

          SHA256

          22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

          SHA512

          9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\2b-8e0ae6[1].js
          Filesize

          134KB

          MD5

          b9c3e4320db870036919f1ee117bda6e

          SHA1

          29b5a9066b5b1f1fe5afe7ee986e80a49e86606a

          SHA256

          a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48

          SHA512

          a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\mwf-west-european-default.min[1].css
          Filesize

          550KB

          MD5

          12dd1e4d0485a80184b36d158018de81

          SHA1

          eb2594062e90e3dcd5127679f9c369d3bf39d61c

          SHA256

          a04b5b8b345e79987621008e6cc9bef2b684663f9a820a0c7460e727a2a4ddc3

          SHA512

          f3a92bf0c681e6d2198970f43b966abdf8ccbff3f9bd5136a1ca911747369c49f8c36c69a7e98e0f2aed3163d9d1c5d44efce67a178de479196845721219e12c

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\MWFMDL2[1].woff
          Filesize

          11KB

          MD5

          5ed659cf5fc777935283bbc8ae7cc19a

          SHA1

          a0490a2c4addd69a146a3b86c56722f89904b2f6

          SHA256

          31b8037945123706cb78d80d4d762695df8c0755e9f7412e9961953b375708ae

          SHA512

          fccbe358427808d44f5cdfcf1b0c5521c793716051a3777aafde84288ff531f3e68fbc2c2341bbfa7b495a31628eab221a1f2bd3b0d2cc9dd7c1d3508fde4a2f

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\RE1Mu3b[1].png
          Filesize

          3KB

          MD5

          9f14c20150a003d7ce4de57c298f0fba

          SHA1

          daa53cf17cc45878a1b153f3c3bf47dc9669d78f

          SHA256

          112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

          SHA512

          d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\ca-ae3ce4[1].css
          Filesize

          167KB

          MD5

          b7af9fb8eb3f12d3baa37641537bedc2

          SHA1

          a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

          SHA256

          928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

          SHA512

          1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\favicon[1].ico
          Filesize

          7KB

          MD5

          be87fd81ff4e82e7ed57b0c8951c66d0

          SHA1

          4a918234d3225b585dffb7b6d587acb3fbb39618

          SHA256

          637b67152dba0b0b33c8aadb38ea7c86b7a12b37366c7183f898c36c222b04fd

          SHA512

          87ec908135335b4074d412b04188bf05d00f468400d2837ba2ca1c77440b6f2f15ba648f2a8f42b1301d77df54bf2a00e59416942807ccd90e36f59431638de7

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\wcp-consent[1].js
          Filesize

          272KB

          MD5

          5f524e20ce61f542125454baf867c47b

          SHA1

          7e9834fd30dcfd27532ce79165344a438c31d78b

          SHA256

          c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

          SHA512

          224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\~DF677C526A9272B21A.TMP
          Filesize

          16KB

          MD5

          4a03dd935783b9632cd9e6dbec169c60

          SHA1

          26319fa1750b60efe794882262fdba4dcc0c27ca

          SHA256

          8e85f88d3f2bb28d243a2ef2c22c111c4af2e19ea0bfb6bda49c6e92f2b4a9af

          SHA512

          6f233aadc69ad34ac5b3085aa4abcfda2ef7788945d2239c04217a1e8230e16ccf3570dfc0840f7b01b14d4f77c1af3d71ba08d1af5abe68e5b74a92f4c48277

          Download Submit
        • memory/1572-4-0x0000000001120000-0x000000000112F000-memory.dmp
          Filesize

          60KB

          Download
        • memory/1572-1-0x0000000000745000-0x000000000074B000-memory.dmp
          Filesize

          24KB

          Download
        • memory/1572-2-0x0000000000710000-0x000000000076F000-memory.dmp
          Filesize

          380KB

          Download
        • memory/1572-0-0x0000000000710000-0x000000000076F000-memory.dmp
          Filesize

          380KB

          Download
        • memory/1572-3-0x0000000000710000-0x000000000076F000-memory.dmp
          Filesize

          380KB

          Download