Analysis
- max time kernel: 111s
- max time network: 101s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-08-2024 08:21
Static task: static1
Behavioral task: behavioral1
Sample: 6cfee3e546359d7a9de0928f175bc030N.exe
Resource: win7-20240704-en
General
- Target: 6cfee3e546359d7a9de0928f175bc030N.exe
- Size: 560KB
- MD5: 6cfee3e546359d7a9de0928f175bc030
- SHA1: 48bb8f0321901358335763f22fedd46ef8e220e6
- SHA256: 61a1531ea11eaf3929d36a772bb4e6013aca301e09a94d1d043355b3b9348952
- SHA512: 8f509462b41dfd38a478938d8c6d2524aed35b487e883ee5ca7ed0c1ba6c04568ee48ffd2677596da6bad1bbfe42882c89086d9192c833d138a8f76db5842a03
- SSDEEP: 12288:YWT2MI34YvE/MX1s226UMpTGyLSNEryiIdKRMSYPom5tdt:XRI34YJ2yiKSNEWLKMSYHPj
Malware Config
- Extracted: gozi
Signatures
- Enumerates connected drives (3 TTPs, 1 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Processes (6cfee3e546359d7a9de0928f175bc030N.exe):
    description: File opened (read-only)
    ioc: \??\F:
    process: 6cfee3e546359d7a9de0928f175bc030N.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes (6cfee3e546359d7a9de0928f175bc030N.exe):
    description: Key opened
    ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
    process: 6cfee3e546359d7a9de0928f175bc030N.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes (6cfee3e546359d7a9de0928f175bc030N.exe):
    pid: 3996
    process: 6cfee3e546359d7a9de0928f175bc030N.exe