Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    07/09/2024, 15:27

General

  • Target

    d23fd6ff7e08697372a6f1dd11b057f8_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    d23fd6ff7e08697372a6f1dd11b057f8

  • SHA1

    f588de26eb08a112d9d4b59c55fec191ca986196

  • SHA256

    1e935b29f8329235a040c5f2062bd85b298296e0cb9543a9a23f1ceddab8b4ce

  • SHA512

    6acc86e0cb410980351805e5e1af87a6896f869dcbeb118f305ce3fa782321db423ddb133bafc0caa2fc90007171c0b0450201275a327f375b813d06bbf9b3b9

  • SSDEEP

    6144:NVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:NVfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d23fd6ff7e08697372a6f1dd11b057f8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d23fd6ff7e08697372a6f1dd11b057f8_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2388
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7f0e3739f1a2c63382496c07a219529f

    SHA1

    4605bfa1908a63a5b4ce533c1ccb7404c187d9c2

    SHA256

    653059ed0679aaae3447e55c84501e67352f864b9b523d73574b703e567c5857

    SHA512

    89e9ea4d57275e9ecb597d86bcaff6b711f1a19400b1504ed2d10dcbb78750226c742de75190bcdef39c969141244edeca2b5110aa3a033ff3d1fb62a7a35768

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    100453b1d9a5b1f3c78370546ef70dd8

    SHA1

    72b359f9c5b2dba405459e51976cffcbd58ddaa2

    SHA256

    efa2ec898eca6e44b26bfaeca6d2187a7ae153c97811a2c5ebaecebeeb8b24b6

    SHA512

    7f4e29ee1eec77d48e75628ca08431a2071ec3f0c56880f477f1cec49c8f4737379354c3d49ee6aa2c95c718e431cc5e2427e518616be1ffbbb2c2dcdcad6ea2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9221c5f4c360de3573e49212961ad9a7

    SHA1

    7150b8bf6e15f8943735eecacb7231c14cb36544

    SHA256

    3d5f91d7cf18341fd707d322ba7542f76d71228d51f2c8302e5ed6b2f0f1b441

    SHA512

    95704edf976e961933e312040694908835348793f880c813fe3ddc565d7675fc73b10c0c6507d81deb530c631102bfb65776a7d76e5631fbb508058acc426257

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    47c29c4c346432127818bea572a500fa

    SHA1

    505d802b4dfb377762f3446be8379834e740b05b

    SHA256

    33a9d908855d5468c2f408e7264271b2d44f75cb6701739490fdf855f410cc96

    SHA512

    932fb11714dcc7ca2dff3a400a8f1792a5b170de67a7d6eb3466509ff5436de59a3e1896e20436099e728f029e09279cccdbb93dcdc95da1ad66f106504e379e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    95991d4e3fbc441ed352372e17e4954a

    SHA1

    0c39257ae2b2c2d83afa65cbd44d1f5725b25f2f

    SHA256

    67c8f46ba8a991c27029067b9c46c2cac1794ec615112bea3503f2f46faa910a

    SHA512

    352d865a90e74a549f041244d46bf7e2c7997adef84685de79a46842c42119b3f5a82afd836c67d0fde41564e7a49050f8088e38257aa3a2ae28766ef46fa263

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f32dcb3161bd8c4dfdee4a087afd46ce

    SHA1

    2df64e15af45c5ca84f14bcc159ebdbd7de6df34

    SHA256

    d4f4237037296f832205b245ed372949fea3341b65c2b686a4b66274d802a064

    SHA512

    80d738bdc3dc417962c5990e30a0ce08a2d1cdc598681cd2838bf95a2174353f2c2f9855ae88bdfed4f48fa331a44bfac5e46770efcf18a37bb8248f5f373e3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5c3f46fffdeea3e25eafd26610d7be2a

    SHA1

    e2c96d7f1a482c4cb5dbd155a0aa96711ad99b3a

    SHA256

    4976e00c778de5ef6c24a5117d70823322f7af14b32dfa671ef796c2712f3c25

    SHA512

    37ba302034153fae3afc927f7a95c1599055fddde5408e4ba702ff75d9ae0a33e0f0eb26aec3bbc4d1a1746ffb2d88079cce502c43d4153be72b0a898c22e7c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    65b9ea62e091b3833ec23f55159a2d19

    SHA1

    caf4e6fa1a46d44a7533134462dd0543c67c840a

    SHA256

    a9ce0edc754a3ca2179b403e8e5790c9ff6987cf1d4d239b2b6b5d807d243c1a

    SHA512

    478148574de4a5810658f022f134e5081b48501f0a12cf852e2ed08024d62b23d3596f496e7befc05fb510e86345b0685e1fbd71b775812a5cdf062a39f62a17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8a1e8b8d04cd3a5400f40ada447ad048

    SHA1

    25e198852b2c2bb47cc9cb7d6f56a1064b4bccb5

    SHA256

    a414b2a9db7359bee76a27de5e102dfda06ee199d6ecb82752b6d818cb1967b1

    SHA512

    774d62f04f84314c4f812da685b4b7652044f3d76c30970634ce72fac1ea08e48c3428a75e065a02e81d76013ab6822724c02a9bca717e5362d880cd72a3897c

  • C:\Users\Admin\AppData\Local\Temp\Cab2D3B.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar2DEA.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2388-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

  • memory/2388-7-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

  • memory/2388-6-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

  • memory/2388-2-0x0000000000210000-0x000000000022B000-memory.dmp

    Filesize

    108KB

  • memory/2388-1-0x0000000000100000-0x0000000000153000-memory.dmp

    Filesize

    332KB