Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e10694ccc1...18.exe

windows7-x64

10

e10694ccc1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e10694ccc1f5745347b999fd9175ea21_JaffaCakes118.exe

  • Size

    355KB

  • MD5

    e10694ccc1f5745347b999fd9175ea21

  • SHA1

    decf1f005ca5e5fd598c4d7045e5faeebd6f7847

  • SHA256

    5e09e5ca1e6acd32a4f5319944cc80edfb9b5f9b1a6dfbae8b6723b3051a22d5

  • SHA512

    17700476852449491b10c154530a516e8a6162a846cc2accda151370846eec45207b39e9dc1ad7d0eb966f9769f62da989f96c569e39eb45b2aaf02a87bdcbf5

  • SSDEEP

    6144:Z2PfwMqVqOnmWkKrlAUNqNCQzH10YLplTjGePo1nWT/jiVIgn:ZXMqVtn6Kr2UNqN7zH1nnPQWT/GN

Score
10/10
gozi3431bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3431

C2

google.com

gmail.com

zuoashlyc.com

x4fwben.xyz

rreynold77.club
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e10694ccc1f5745347b999fd9175ea21_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e10694ccc1f5745347b999fd9175ea21_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2112
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:472073 /prefetch:2
      2⤵
        PID:2216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2992
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:1968

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af958b31073b07a8af6cf8aa79837248

      SHA1

      6ac1cbe6bbf1548508e49f09cdbaf676623e9c48

      SHA256

      96ea1c80ed7ee6a9e00736d6c51bef2da20b755b326e4e9d3bf3de81c25d1115

      SHA512

      b6665982013cbe399a6b897ff731875ded67f7bcbb70749c13328083a722eedab9e4779c9a3ea594ec10029e59eba49f2f527db0dd38346e1acf38f35cde6bf2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6b085d90a839ff2e9c03083842017083

      SHA1

      1e08346dd8bbb44a1328ecbb90aeb7b5889b95fd

      SHA256

      ae3b026281bcaa9f44298375debd50dbb40885274719b4f8807de29cfe5e3e22

      SHA512

      724e5c3293066b420d6a8e7c5fec92cfee582dc73bc2c99e8217e973dc005a0029c9f9bdb9d4db864aaccdef792db8a0678114d46648e37c254b7d9ef8800663

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d516bdf4228a9e7552afeea4efcadb3

      SHA1

      a008150179694c8b393402a3c8825d40838f11ae

      SHA256

      c3f7db2064f133b97707e8d0091846b9ccdd814f996074eeea90fc4529b11b08

      SHA512

      138f061a2c5509e04063c67b1b51b722b350ecdd050407f576224ed1394c7814f3fff9112f398950a0d5e2634b1895d6c18d33de5d28d553c0ddcec927af5567

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      508a567cba7d68e8658b2cc9db854e0c

      SHA1

      908422527952c5168f353de5e2c07dd632da731e

      SHA256

      357b9274b8bcbeaad425a8619d91df6a59f41845ecbb5e1e5f56aca79f104b23

      SHA512

      f5bcf184b7d9b3fa1137c7c79af1a6e6f1326a61d529f39820f9ce6170800046af4c79955e14900c927426daa20a8d6234b3aa4e25cafa400c50b2fd35f01130

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      49faa7f4126efe7e5d65e2d279b68346

      SHA1

      f71f9a64fae726ff2ab3f6506a3655986cfd9c83

      SHA256

      701166d7649923435f0ff857c76d96fa6e032cf15dd8f1ed3cbac45e8c0d485d

      SHA512

      82180fdb0619e096e388975ca9d7f067165f4eb37a9d929992851a3a11f5b2958ba5ddfe44211c360554f44f02f54467f74028a0fefcbf2bdc74898820aef3ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      83e48482b928cd7bcaf36351f6c62bf1

      SHA1

      ee7a192e27916129b3613331f122b13fddbfec44

      SHA256

      a66caf7c9fadc9901c20b661fd49cc01a00d165523e08163e6d7af886ce367bb

      SHA512

      523161f29c96fd7d78cc76166f4f46ecc0c32864b16495e433499481e92197f18e3df1ca44b6fc915596f11dd1fc2d8a8a871b00469413945a7ca956e5a04dd1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0f94c5c3b82eec5fc8c6764b82096811

      SHA1

      54c26fc63d2f1170d8aabe9ab808316d0a865088

      SHA256

      e673c62cb1b53e613ee93cf908476cfd0783e494c706bb3b9fe96e5c49b4db4c

      SHA512

      7ce20db5cabf9c1c472f2aa94c740fc07a72cc266a5809bc56e24ae44441fc7b9032ef1f19090ee07fcbca84fd22614c95ce7306d0a717f97e4b826e1333f3a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5adea5ce89d8780334d01c3c1366118e

      SHA1

      c5e96b5063e0d505d8301c21ee66bce343d7fffb

      SHA256

      95a29654b89d539ad31163892538e88febf07a630a8ef4f30c7042f0325c4307

      SHA512

      86af92173613fd4a0267edb244af117d90bcb86ce6f22936e3060c526b7cc2c1a867f3b7be035348ff4ff8ade6adc7b060d6f568debfc16764bff7d752c347d2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ea686324d864dc420473c6322f649851

      SHA1

      74bef5e28b581ed31c9933d56ae597f1aba6ffc4

      SHA256

      7779aef440f43c266d1cb36a72947b46f102cef38c61fc6ce268852749c7c5d4

      SHA512

      9c596f8d19bc514a3a972ee5fe6c45e7d4f580b6392534f18c710f0e43be0b97018f7317acc21f4fcca96ecb5a339d7215e2d7033bc08b18d31be12d3a7ebb90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7BB6.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7C67.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFAA3B1D52EFA5BAA7.TMP
      Filesize

      16KB

      MD5

      c60ddf82823a5d35af18483572b9fe88

      SHA1

      3c91b81c867655e15c17c898baf54b71db7c7f2c

      SHA256

      22b43447cd89b79d7d29395faaaf6ae09c55b47aaabe06c4ce21ee2f89758d8a

      SHA512

      27bf11d02194bf44e640bb59e96f483699b9f297279c1752263096f991e4de4bb00e918f307925862cd10266fddb0d4292c85300f09ef5f37bb93aa9d9e3937f

      Download Submit

    • memory/2112-0-0x00000000000B0000-0x00000000000B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-10-0x00000000001E0000-0x00000000001E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2112-9-0x00000000000B0000-0x00000000000B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2112-2-0x00000000001B0000-0x00000000001BF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2112-1-0x00000000000C0000-0x0000000000133000-memory.dmp

      Filesize

      460KB

      Download