Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e048973591...18.exe

windows7-x64

10

e048973591...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0489735915dfd101ba2ca3e10e8cfb8_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    e0489735915dfd101ba2ca3e10e8cfb8

  • SHA1

    26b7d25cce406724f371164997647b4b0c588e8a

  • SHA256

    d43bfaed0208c8243f0a652cc67bfc6e6b21a4991339f072efa91a9ca7db0c71

  • SHA512

    37b1228b676b12532b70bade314636b9694fdeaa952df8940b0ec66d7fa354bed48ee2d59a05f5c4e629257f4f205933731a5bee8839b5d6f075d93f5b38484d

  • SSDEEP

    3072:9Aji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9adp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0489735915dfd101ba2ca3e10e8cfb8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e0489735915dfd101ba2ca3e10e8cfb8_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1928
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275473 /prefetch:2
      2⤵
        PID:1276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1792
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:3040

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7cbe92af4f82c0a7a83162f78639d2d4

      SHA1

      5815e0196dd3d51879a7dc757296bfed2d4fac0b

      SHA256

      90eaf66c29e0e18fe388a2b0935d7b85e8b9acc7e9b6cc1ac3fe8934e4120d84

      SHA512

      b9ce31c9d109f88cea3d759d9578213684358a18ad55923ab3d554fa15306a254555d376f37ff4d2b14d124be927a8c1c84ab4f5bc22274df663f53615cbffdd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b1f6319c1eb38e177c0400e785bf909

      SHA1

      7f3f17d263cf6ee6333dd9bcb10fcad023dc3abe

      SHA256

      c6a74eb4d53da4c04fdc4dcbecefc63b39ac4f980a35cc4bf857aae760ce7870

      SHA512

      fae73db14de23d3feed03adc08ea632330af24f11510795b1aae31a347393411dd848a12d452b3f2c5bae90febdb72692614f01699677584e3b043c3b5a09b3c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a27bb622e48ed742135c83ca8bebdfcd

      SHA1

      36c731857aab38c5cbfabb048715c3b212484db9

      SHA256

      49bda569ce337545d94675f4630451bb10d24156c9ddc355eb4c3569d441f0be

      SHA512

      c13b55cd779883aab7826f81832c0bb426cdfb4e7fe4e4b30bcef9f153078ee7aaedcad5b9dbdd6fa3c93d9c649c641d85820b0cef0c49181a05b2fa5a11a51e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a7132e6bea7be275470d86f677a17f52

      SHA1

      3d6dfdd0038fb4410d57f58b95f019e2a4aeaadc

      SHA256

      4990631566f645291c48875ce8fdaa204348dfa1159f5a3c2bd56058357d1178

      SHA512

      61b13852d1740c5ad5f6a36d83a5e616ed1f40c9e4b202b65377435e102e41614b24d130c5c7ba8b3f8b63e2d86a0ce7024a4234e4fc5e2d07c0d65daaa51dd9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      57e23268d073ac5bb5efe66f224703ec

      SHA1

      cb450b556da04254958983e5e6846741a104550f

      SHA256

      16abd2309b8daaa8b8284d6541d0e602b30aab25005f87142f98df8026c19082

      SHA512

      8fb7a5e161b2e760c4469be5cacaba5121fea8962ad8ed1873b3c8ddf8601332c4c0db3ed0f284483647248b59c20826a280204d8bfdf8614e27311ddae1769e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac9c3c24f64a84c788489d5493b863b0

      SHA1

      b4f93efec65f7d0499f8993d697c977e855ac6e0

      SHA256

      75a8bcd5970ec8f947cf0413edf0df149362d128070da75a825e37f520ab7606

      SHA512

      4be9d277fae450e8d8b3baea64757292d169089854cba73867a5560217911e328d96eba8e961a8637fc1c802ce9ceff14b37521d2986449f6204276fa10f1471

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5cd1e6731d1640087b4a606edfa69c51

      SHA1

      4be0e42a8a5418109c322f9bc57dedb3c0c58c0f

      SHA256

      de4371a55fd320b4dad87ab98fcf7d28d104a0ae0eae23717ad5a86bf6f45145

      SHA512

      ea526fc55320442d2aff0d805c9ab78a199bab5ab114957f2e3d1eb5b79698ce2f64a744a59fe84a35369042f6cc54bfb22073e31553f9149cc7d7d0c649f155

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      36ad8f0fc27a87a55d2734cf8a4c2752

      SHA1

      512dace9d27cf317a447dff0aae0d38dd220b74c

      SHA256

      47121ec2f1539594dd8b4c831566453747bf37b9d6122baacf289c43827c558a

      SHA512

      8ca5632daa2969c10114edfbb37f08f58d9dfaf356c0356dd8d384eefcc4057e75d0ed6207e03fa64fab3aa2c8cc7493d2aae2581f00a0bddc4c11a8122cba2c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cde062765e9d1626b1e736e762bb771a

      SHA1

      d77bd539d009183598ac42b7fc2642c8cc196c98

      SHA256

      1524435f03536b5049e8ecfd6d0a75f3a8a431aa79b20c87d2949ad5eadf9005

      SHA512

      ef2f99b8ee48e054603e3a260899ca25e779da0d329932c379c1277be44b555bc9cca9001bf268b6e64ac4dba1d10126f7bee00d1cb1783009ade49cd7401ff5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab628B.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar62FD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF99CB249F4D0C15D2.TMP
      Filesize

      16KB

      MD5

      8bb6ec963d3c6d2469fa01ea57506f76

      SHA1

      56e55ed04a8bd12a61c0436049d09683d93525b0

      SHA256

      8c12bd59af1957c59b1163247c8a5023f533f061c59bcba2a674c19bd29f210d

      SHA512

      d3a1a32b4d6129013d7e85bd30a24d06514285bfcdfad4f5b7a6d2268f58590179c81c7c1533d834d8ac7cd139a9fd94f33100991134f0241d2b16f9589af145

      Download Submit

    • memory/1928-0-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1928-8-0x0000000000320000-0x0000000000322000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1928-4-0x00000000002E0000-0x00000000002FB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1928-3-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1928-1-0x0000000000435000-0x000000000043A000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1928-2-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download