Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e00bb51055...18.exe

windows7-x64

10

e00bb51055...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e00bb5105561a8af2be87911a6bd05ec_JaffaCakes118.exe

  • Size

    376KB

  • MD5

    e00bb5105561a8af2be87911a6bd05ec

  • SHA1

    0eea997ed0bfba015623d131cc439f82c62ec1b8

  • SHA256

    1eae3c6c9abf74ce688594a3198f8c678b57f88e5f57c6e22b64af3811709d3f

  • SHA512

    95f78a5615c1462b7eee9f11292b049d4aa7d02dadbc3964abdc165a66ddac2f66269f1f9c5a7622aeff99e3fb1204e26bbb1d149e5f825cfa1210a1093d5eb2

  • SSDEEP

    3072:hkyrSmefi8xQRv00gDg4JSUrQrY17hJHe0KuVuPi6d+YShwaqz+UQc/uGkn3dK:hkal2i8WjgDUY9hhFxTyUOaMkN

Score
10/10
gozi3195bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Botnet

3195

C2

nsyblefgg.city

m25lni11528.com

dgrover.band
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e00bb5105561a8af2be87911a6bd05ec_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e00bb5105561a8af2be87911a6bd05ec_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2228
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:472084 /prefetch:2
      2⤵
        PID:2496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1292
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2512
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1576
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1576 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1504
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d49a6e2205211c2f896d684d101eac7

      SHA1

      4607bbde0549cf5ffc8eedf76b1ae25a35bf0160

      SHA256

      48f0559e1daa9cf4986f9d6fd4886a5e88ffacc77ce14d79455f104e039e9609

      SHA512

      f1d7adfa1fcfd51837995d2dd4ad8f4c1c7449f8c503cba46c12fb4f041339cba9cd4c140d5f83057175cc2e1daadbd074ca1b06e6f5d9b22d3c042ff3366bab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0a983e63fdb931cad3eb62e219f34432

      SHA1

      7eaa26f5e4c5bc0bbe2e024d11bf309df9ea13d4

      SHA256

      76329af6371ec84b4fd42a144b7ffda6eb851aeb8d0b3d3f8bb980fdc159923d

      SHA512

      7d76aaecbf627142c9b044862f0c6d933f43f2f3009608739dff02cdb5d2c5112548d70d48b61c04295282f31a94a8191c4c482407d0f1177b389e78a0975855

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fd53aec38ab48e9c6fcb8df8a439073d

      SHA1

      e3c890e61b6e79b4ad12ac5f282a6019e65d10b2

      SHA256

      d713368f4e2d00e5cf4623c057de496a1e082d664892f2a45ba3190c7632fec4

      SHA512

      2e1888dcac52e3228ab489f862efd2501930e8ff2e0c91509d20689219808882cf7296ddab0ca544ed6794919c5a6aba7df98eed790d404708f042ef14e81362

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      516b316b4018bdfeb4ce5e0af6e4c8b9

      SHA1

      72ad674ced59a8476859a54dbae5d28d8c7f1b16

      SHA256

      6d636f8954387bca360526f99560736f4e2dd5406f4343a0cc28cd369c3d1107

      SHA512

      c0cd73c3366e5c58b03de030b95f5b118593adecde62fe06f8857b400311ebc4d22c59d9491fcebe5dff16466a3165c10467db73a20148fc15150030b575e4d9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6f485383108c61bfceb7d592d326da2f

      SHA1

      2712154f6c150ace6b22b9e592d78662a1daeafe

      SHA256

      528da03e4e587e83811e1aaaeaf8a62d8d4de8a928e410d8df90e6aa7c927255

      SHA512

      5eab07306b1d57d78d6762a5b1bd51b4967501648844693110e9761f43cf9f919ce140b30b77dcc4b77f1050cde8ab23c40e2d06a318bbf623a40a756263146f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f4b8a1baaf365b08dff2a8605735321d

      SHA1

      c60b1995003965623be66f04a89491209d904004

      SHA256

      b10fa53c17906d6e68e8725365369a84200607bdb5f97b13790b627a0e57e9f5

      SHA512

      612118b2d1148b627399df9a633c3fce8d69fb9dd5eb589f2c945a85fc893ee2c03a64a55dd0c2055deb49b2c66b28957f543234c4beb177c6a39b13fd536dcd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      39eb3e80a4b2f594de9e126347b0a78a

      SHA1

      19e5e2f281ac753abe6ed8bfb198490cc8a72714

      SHA256

      00b209628922fac81aa6f55285db65f4fad0dbb89c2eff48a1580d4331cd55d0

      SHA512

      68a7a4515d5850fa998284e5bff7b554921aa8822aaf912b4a59cf1670edff861f225365aa33af3e7b112c46b399350352da6bbde3a45f8119769629755c132c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ce4f254021e98d22782fe56fd793dfc5

      SHA1

      fe0cded39a8445179a51ba181ef8ae3dc236ffd4

      SHA256

      a07ffe01d9b0adcffdff3a39da7af2d99057295309ffbf74712d83965e8006a3

      SHA512

      ba459bd8a7c1563a492e09bcd419f70edd7de40bf95b9c890ff8708ab1f267e07f8875da58165cf47364c28c9056c5eb793bedf5e276a63133965f564e5a30a5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      18abb2d596d8b317cb7ea5698008bec2

      SHA1

      c07372f43bcbe60f1e64831e922d0c2ca6a1e472

      SHA256

      f88f7bc72a1b51f4cdb1c7a59c10618201061367a9c708d11178bdcaa53dc35d

      SHA512

      228a3a28811d5af25d24dbf8bf9337a652a2ddccfef9f2640e088de61decc5daf07e5a4a23539f0ef3e51e98dc9022055dcc83689a9d034f9027a17c6b644ef4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA8D0.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA931.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF994FC726678EAACC.TMP
      Filesize

      16KB

      MD5

      6c6562d925b652e8395155409a38e265

      SHA1

      b5f8b6327dc6dd0065f43900ebfbe9ece4e6a582

      SHA256

      db9b1548c732c9594919c0192d614a645e9330b0e60c9bb2355df3953df8ee24

      SHA512

      2ed25368a85b1ba51dbc1895d7517364edbb0910ff40ccd1f6b8531f1ba9f48bf2ff6a1cb96490feda95303e579e88b43169635e6baf8402aabc110a15fed682

      Download Submit

    • memory/2228-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2228-7-0x0000000000170000-0x0000000000172000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2228-6-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2228-2-0x0000000000120000-0x000000000013B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2228-1-0x0000000000910000-0x000000000097F000-memory.dmp

      Filesize

      444KB

      Download