Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

de8d7c9b84...18.exe

windows7-x64

10

de8d7c9b84...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 17:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de8d7c9b843d453f2c2cfc6900c30d5a_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    de8d7c9b843d453f2c2cfc6900c30d5a

  • SHA1

    58608874cf2e915fd1f92086f14e8cd15d133bec

  • SHA256

    7a4e1e59b3ba75a7813e007974501b06fe88ef45ede1f8d85e3f3bf4cc4fde09

  • SHA512

    5576b46fb56a7cb5e9b28756da115f3398fcc607d2bd763fe1edbe7ab02a0a8065a72f2312349cb53bb61cfba9a57c73c93a39e2d94ed4eaf2714c9e72e24b23

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzYgF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de8d7c9b843d453f2c2cfc6900c30d5a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\de8d7c9b843d453f2c2cfc6900c30d5a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1760
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2540
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275473 /prefetch:2
      2⤵
        PID:900
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1496

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c776af9bd61359a6c8ccd20046dafd3c

      SHA1

      aaf416c47bf72204db1485d32f8ff0c055722172

      SHA256

      a0e638fafae719e6715ff96777abef14b56bf73f71d4ba9ecac7ab8d6ec3d7eb

      SHA512

      ff106419a82ef44732ef008d834f5cffd5815303789c95bc2685439082762a5932e960bf69fa597a992a410d1dbddde479083dfde33e64d420f4f2c2d205f1aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e3b64a3ab0602525b8a7a48485860d38

      SHA1

      50f1036de40b6c055eba8474865d8c0f048f9313

      SHA256

      20aa76a40815fe8e2344174ab6a3ddbf26fbccac220b2631f05396a6248a3d2b

      SHA512

      eef7632d193b699ad00ac05ce6400b310e4aab5359055b438c0675c907880047323c9952283369d5718517f1b7c2393a8a7d9b1d18f6bccec79d4a4aeb1f229a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e382d4a8a60e14997eb297bc9a57c01f

      SHA1

      4ee0d058c7390432a54fcc38abae2bb42936b0d0

      SHA256

      b02bd2d336664cf83f99980cc2b7ec7517b06e718105462040a76fbaab83d253

      SHA512

      4ab59a26b41af295bc63f9fcf62e0fcfefa530792c6fbbb660a2ab45c1a8c586a4d9617bf534bd8110a8cd7ea10d56e1e62c3d3476c465fabf6bd4b71619d785

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41714919963d95c9ce21e9fc6257fb74

      SHA1

      e71216748d3c8e4e3b4b47e2456b455df7ae74d6

      SHA256

      6c24d8c1c5e8c80170b61326c948d0b071ebe0f42aad9777c9ef9e42e031764f

      SHA512

      912f80dc1ae26dfea92bd9adfae71330060900972ab2398d3175fb32527e2829bd442845368575378e9201e90a797ce3735943459f3525c6fb3595260315e154

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a76402ae56753548278f153ed77508b

      SHA1

      353506aad34f3d03dd01879827742db81fd354c5

      SHA256

      976651f1ba77890052815395c901cbe1f9c6a6c3bb50e6fcccc3d7774f200d65

      SHA512

      b84946ffbfdb39d367d5014cb9c7c8eeaaee0f83c0e5c95194edfe6f41a092aef9bd034c9672dfdeb4e49516aa1216f0b836125d9d6e3987c8c3baa0a1921a1d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4b497943c658f59e17abbf9f84abda2e

      SHA1

      57d76e1dd30e31bbd7b2b5699848a87a055f7bc6

      SHA256

      dc4fa6effdf15fbe1382992ea7e9b296c7b833ca9515aa16b259b7007cd91f8e

      SHA512

      287ff95dbb887ea9b463df0f5c2defc7254c047b3b3470d586fc1343be1973cbc7ddccc6660bc79772313f7e23cedaab0f36e6e73ee07d4e15f65608a1bed36f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      efab76acbaa356195200fa3011d12af7

      SHA1

      cad9ae2130c4387415de68384a7267e098f76714

      SHA256

      606c074815186978ba792e982c185defe7433d28b12e1cfd0ef2e25694150977

      SHA512

      e40df1e135ab77e4220cbf0f8587594d94c0fcf237c317cc2b055937082603e61c7faa34504b3ebe61ed53de8b667e432c60959bc5b8005578edc783465a9cd8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d64a2428a002c247953cf3e226698b7c

      SHA1

      56ea6dca1595e38a3c5f8dfbd83c50bb091ad25d

      SHA256

      cc094aed95414457017dc46955f7976d97a32c73ab596f48056c07231a1ff5a5

      SHA512

      aeed898fed7f0f7dd2a9326ff26495977e88bcd9dc6bd53e5b2d5d3b2fcbb3f960087bd76d3616a84940aa4c8dd07ad215424457f03c6766d92b4fa9971ef85c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      03470d7eac1e530ba27a6d6659ba3797

      SHA1

      4f6ab9f9060ab43c5019379ea3a5d5e638d105ba

      SHA256

      01521c110f93af96edb76918eed562600724b39670bd1c728f0c57d1dab19b63

      SHA512

      0fb380f8edb2d8e75d89f7553505caba0036e9dea0f8543b2f5ae156d9950972b239d6310aa948551d29b553a85a3ade554705aebba0955e7af7011c4e0a3645

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      62af4aee8c379faf467a3b85942d2b6d

      SHA1

      964afeb03ef247d74eeae0ab36185d4ccfd99945

      SHA256

      fed3125b315bfe2896e4a8a525403116b1bf3475e9de3a80940182304f2a9200

      SHA512

      45b8fdbdbab90cb4f9ef3f09559cae850a9abc147761d60d3add57f6562191dd6fa48648e8a74fe118a1a61db6fe3ef635d8b4139522c0b375e7621d05baa707

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fdfe62ddde8865fb87882d6a93f65d23

      SHA1

      ed7d97a7cd0b9a59df12e55cce5d483917c5625a

      SHA256

      5ba0fecc2eabb6f258aeb0b095c7e0f90fefe213157213a9c87e253e6f3a0143

      SHA512

      ad34bd2ba785f40e7c639dec312608b39450d252399fa6d625b378bf2d251edaca39b0f858cd6ea7217755b5aefc804f8d7718cab31fec676f08e0b00365f33e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6488bd83cb2f18752152627f40869d4

      SHA1

      faec276efe71e695bc0a5e60983bdd63c9e34bdf

      SHA256

      68d6c36f721b97df2fb48af7c0560764aee28cc77b7edc0ac4077e787b1e1438

      SHA512

      2be1a2aff2f965d5bd19d67235dc5ded84bd3f3730aadee3d66d4091bb6e37751e8cd29aeb211bca0ecf24be33a74d279d94b07e22a9e78c4ec922bff1691094

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA394.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA395.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF02A01C1C3D5B9893.TMP
      Filesize

      16KB

      MD5

      1a21c379c047bca7b5a9e60d85f457ed

      SHA1

      b8e3f252578cbd4714d079a939f745a2b18c5b03

      SHA256

      7c3ad2b9f08d7cdd31de9724fd40b31be7967f8342719e169d42d805337a4dfe

      SHA512

      5b5230989a4046533764705210a52c6373d09fd7ac78f780da00989c458dc9b014bb9e54faaecfec0a2ac6b9a706aec5679ae71fa61d9aa6207c8fe2efd5a2b1

      Download Submit

    • memory/1760-2-0x00000000006D0000-0x00000000006EB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1760-1-0x0000000000400000-0x000000000046D000-memory.dmp

      Filesize

      436KB

      Download

    • memory/1760-0-0x0000000000620000-0x0000000000621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1760-6-0x0000000000620000-0x0000000000621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1760-7-0x0000000000750000-0x0000000000752000-memory.dmp

      Filesize

      8KB

      Download