Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dc3bf66669...18.exe

windows7-x64

10

dc3bf66669...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc3bf6666966013e986ff6eb7dc254a8_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    dc3bf6666966013e986ff6eb7dc254a8

  • SHA1

    21b2955028a9f2bc83312d53e5288a5e014c1b30

  • SHA256

    f1a3fe00c51a8c1a15dd013764221bc2005d527aa6f0e977f6b177255c5cc33f

  • SHA512

    47400c08fcbdb4daf60a3105f7952c0fa10289d18a9cc7099734af6bb1a9a82aa7b349d4fb336a20743a0f4798edd5a86602e84029e6b24a69a4202ee2f29212

  • SSDEEP

    6144:cVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:cVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc3bf6666966013e986ff6eb7dc254a8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3bf6666966013e986ff6eb7dc254a8_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2320
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20d01ae893649a357fa9bd523598fe55

    SHA1

    672f58c81e3645aa44e614fe17cdab5835e735af

    SHA256

    4d2f70749a549e1f33ef1a025914c54ae4aaef49ef0ef019e0c55641dc4bc039

    SHA512

    a1d0f403cafdc3a576080f72eea01073afa078dcd90331eb91adf1df6a794f0e14d91cb77a1c67e93fed92a7c0aa2a00622fbb82a0fa1cbb27e9110fe016fcef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf2fa1a6ffd6b29b3e838dffa128439f

    SHA1

    d7b1908f498ed57e20eea188dac0b975de044589

    SHA256

    68c0af387b926371b984fb94da71d507af227fca9ac3cd81ba78810a5dbf9585

    SHA512

    dab404d7c18bb75ad0dc9008b3fa7a83baf7f0c493ad77bda5d375b0b2c4fe11b1ca8e8306200ce8db8e6157c4e8c726404bc66669e311f3a28f3285f9bbf9b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b7976f69cc1efcec3db58513f8cb2e7

    SHA1

    2efd5f482551e5e04b75c98df322cf103bd367ff

    SHA256

    9c801d998bd31955d8e5bc9d9565d0626bdd96ee13d2417c5f934ceab97e2332

    SHA512

    41b250c6608abbf39fff6ac965d14c2be21e9119ef8bea8785701ef6323b8dba7f1dc0aafd985ccf162d9b00a756b9649ea1054ccab3c7f8fea98a44dd87bc2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ad205f875b2fe773eaa662ac17797c0

    SHA1

    f6403b0e48c7e194b876bcae0815c6a1b76fc7d7

    SHA256

    bb61b658c869baf7b9452ce107f975ccd5c5f4237ecfa1f17e2e14bc469b4a70

    SHA512

    1148fb379e9c3416da744a37bb9fd48bb8a36a79b6db17a8bcaedb4a2d3b0297c48c483374b3774ac7cd57cb6d69c06f064ab70c208499d2bf48e318b89990b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    186f8281152888c928f201635c1e87dc

    SHA1

    c8e308c62257759e3548f4fa5614610af40aaa3d

    SHA256

    cc894d22ff64249245b60e3eec8b34f550c808d471d95ab5e3148b7860fb50fa

    SHA512

    be62153b03b9048a0a919adb6fd26cc772312a9d145fc8d957c820c5c16c415751f2c40334d0c7417d5da8ab70c0610af016a9038c3bcb994376cf569771e9f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d3be1b1cb6783f8e44ad411a30cba0f

    SHA1

    7179a334b2e7f7026739fa917c5174b433b605b7

    SHA256

    f0aa96ae4565b202d839fc3a0e6684163a41b975459498a76fd9791c359be46d

    SHA512

    d639d3be39e63a44a15994944924f32d4d574f8ba6cf717f472def16576a61b8a2aa89b71b651f8bc96c9990a6fbaecb39d6147d85ab7022d0c47d58cdb58220

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09b079caf03af757d6e135039a1000b6

    SHA1

    13ae4fee1c64ee9bbcaeb16bbd7520fdf29dc494

    SHA256

    ae150e07a3d8487d63710a11c4ae091735963dc0cb5229ba1a17ea6a3612f059

    SHA512

    c4574777f87dafd6d3001773fcb98cd795c4f4c1d329a715ea614394b20c875525c860171b69dbf750cc6db0cfbfc5319a8ac7ad2205894f8460c6daa03a1ddd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d1b577205f65e251081804f56afec28

    SHA1

    a79c3b4204f1417f9b1f1a53a13c3a52447c353b

    SHA256

    eb7ffd41ced7947664d6d14c7b312051a940ab26c4264dca1018ee4430b474c5

    SHA512

    d377bb74c93865576f6df18e25323933aac111c4922abc91c33d9cb61b05749729331b2751902eaac296545d163c18f817cabcf82649218de3151c17648c62e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87f76d7a809d7ac69dbd1c89ddbd57de

    SHA1

    dcb1d9194f79ab7ef03d262002b1d00f25f5f4c6

    SHA256

    d2b86797a1e06da576f4e7617475095bd7b4ecece59a65c239af5321abbc3402

    SHA512

    1ce4ddac4a7165d23038d2eb8dcb9f0061514e922b7e955ca1cbc11b8e0b99cff1bb96f75b632d15c86a1726e0310b34fdc43e659685c4094a780746ee247659

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eccb319614bb8d6291299a4e45d5479d

    SHA1

    a32923c6623f46368f663ca6bc82f9652f5de6ce

    SHA256

    dbd8b0c7ab95c1b341b3c7593687169b2735264ce2987eec83dd9babd41afd66

    SHA512

    3d8b0c343b5d07ab9e405560ceebec8238a70c34004bd9415c53df577364a51ef25179a934180023cd1e797f1eb7976a0b7fd76147c659c2ebe759dc9095fc25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a36584619d874c056933ad454d6843d9

    SHA1

    135bb94214a927391e6e583ac85870890620f6be

    SHA256

    df53574ff13ad50289eed4dc2eef3c41f7273f4e9af060b7729d4a0f9be72d58

    SHA512

    e3a69aeb26f0bc4b3e6a6ec66605a0ac3b74b9f521b932dc99ec2136754e78b3483b3c6383b5ac72a884dec1ee92ae4003b771e05fb11934cf6e91f9178a2ac4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05a12afe3dcca6d7cc03e184dd6c7d56

    SHA1

    63c12772a6413b4ebd90ae3717da902b92303497

    SHA256

    0fc5308a306982f39f3afaff45299ee10f468cf1f467de7bd0641c38d2c24e5e

    SHA512

    ae5c75c568899564a8c17f8e77a02b24fd6553164f4335295b7b3d30402fce51e4a939e58f1e094b953eaf36bfe161327593f79a09d4eb52c6ca6a18d19e307d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f6756ec7b5a4c5a52c242742f6c4215

    SHA1

    8985f25b80707e44f11bcc0e5ffd497e368880ca

    SHA256

    275ea2c7643c220cc0d1b48d2bbf73bea37ac57a6fe65b3472dd5b4f29bd7edb

    SHA512

    235cee02013cd7ea0ca3187256226ecb6e56e6d8f27ec110945723654f39768ec339c9d3a70bf1067076792a695068f9d583395b745c905804fc82aac9a18665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a003bf1e761e8b39a0561d727978f68b

    SHA1

    adce95d1c273c2b3f74d6b99efe5a97c77dd1381

    SHA256

    841c5b113189973a25574f4740a105f31d5beeddf66b05652a14c6ec0a310238

    SHA512

    28b49bb05bf71e2ced19a07ad2c589f478ac9839371558c198da780f7c67f6653286d3fb1028aec3d312d53a2aa806998effe8666ef84802f08fa74b1008d5a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a420ddb6950a4bf77ce4949b0a2d4915

    SHA1

    fcb0b911dd12da04d22b4b39a5e33ad5d5720f7b

    SHA256

    3acb98725d233f1ab567fe1bde48f39633cb7dc24bb5979687f9944bb039c50f

    SHA512

    fa0ffd9039d612a1c7a92116e23ab8af88c94e063c14b7f440144747ddcbcc152da657cb79fdd63dded854dec6c41e6d051f74cbb4d45df5a271e2e6296fb69e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1661fb5714ec98a4aed9a4e6aaa33357

    SHA1

    b8ae0ca461a877bbeea6101c377b9ecb5c4a629e

    SHA256

    1568a04c58935401d018fd4ec7aaaec49cb6a2ae4acdd735cafdaabf2db428a2

    SHA512

    40b08dd83a0b593d310a4efa64d91bb069eea6ac6a4e6173c6df47577bbf2bf31886983940dbfee4dba1d9930657a5b1f3e9dae8d72a3669ab4c0aa47bd343c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53edd7bc3367b82158c15704c57a598d

    SHA1

    11a5d840af6576392e4e62b5f0b7d97f9bb484c9

    SHA256

    5d6a730161df6f528b26091d7e42559eba715606f87b5e80f9b883c6516d23f0

    SHA512

    c8a19337933d20dc03dceb39c2b401efa482bb57ad04ebf6097203a6764f4f3d9051bb0044095b88be67f3ae23a8a214cfb50505d03e2be398895da7a074da49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62d7678977979ad1fc59082e845e6c04

    SHA1

    18a1def01e87dcb80995b864b50166905a1645e9

    SHA256

    b60dcae92ab7df2911469997a136dabe90c63c11312923e33f866f7a2dbfb34b

    SHA512

    620bb333f838b13ff1aecdcc3f3783fc1b5125538ecf5542515b53a832a95aaa610474c32d3d42cef62993efc582a79f615eebfd6d0eae0336cdaa90c7c4c49a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e686b02e01a962b67788e4c890e5459b

    SHA1

    8b78792d3560fd3acd375b55633c1ba4fb66372a

    SHA256

    7d2167cf217e9bb141f771f729a57202cfc8d9ce63f43fecf37600304d91586b

    SHA512

    535e978e44a2b28acd69e8a87e4c6e9c3f365331d7503b4f30f899522da65fcafde082edbbc030da81a65c8286998e658ba68e889f4e3c6d47d944d80cd59d25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab56BB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5769.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2320-7-0x0000000000380000-0x0000000000382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2320-0-0x00000000000C0000-0x00000000000C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-1-0x00000000000E0000-0x0000000000133000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2320-2-0x00000000002D0000-0x00000000002EB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2320-6-0x00000000000C0000-0x00000000000C1000-memory.dmp

    Filesize

    4KB

    Download