Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e38a9f96ae...18.exe

windows7-x64

10

e38a9f96ae...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e38a9f96aef867bfa130d669434659bb_JaffaCakes118.exe

  • Size

    648KB

  • MD5

    e38a9f96aef867bfa130d669434659bb

  • SHA1

    9cd383935fed8b2a8bc6e9efc20fc718547819fa

  • SHA256

    3498465b56e77a2c977ff3c2b6817540ce16d4697cb8c0e429622b104d615bc0

  • SHA512

    4e6e0131035b6640654077d5ded69c7333c95d25101fcedf451988a0b644a5762a9c3af0e1baa622e3e6a8d0858992256c998eb394167803f1e6928f01e5ba37

  • SSDEEP

    6144:Q5mTEYUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEY3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e38a9f96aef867bfa130d669434659bb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e38a9f96aef867bfa130d669434659bb_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2104
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275473 /prefetch:2
      2⤵
        PID:1512
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2232
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2352
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1852

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      73d1d7a4b14d51f8d437b5ab2bd744a0

      SHA1

      47e81039e44ba64131e96bb0af4bbd163dee6ea0

      SHA256

      3026ebbf6e12cb08160aae895540b7fa218d397212822b343258c36c185b2ba7

      SHA512

      48777f4feb31ce9d55f323ec9dbf6384fad75f389ddd30290be2fb171aef22c9578b2056445256a7e168f2fc9167bd3d629c306445f492e599a848551019f1b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed1eff69387efba27b78b9dba5e17235

      SHA1

      d0f26b64ffa299273fec6ae66bfac1bd95f1ee74

      SHA256

      12e2d2126c262682953a14d83aa0a917ecd6b6c83d34e51d10626cd3ded61e53

      SHA512

      b452c97ecc13353600eeacbc94c5d96358efa471d071c1ddfaae9d6cfa364265d1a7ea27a15e3beb54e0337c0a84c00b51e30b3b82a00b043a3d4f2cdbd6fa6e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e5d77f9e3e0389a48ac1ac50cd774898

      SHA1

      9d61f2f4a8a39342ef52c8b2c381e2b210cf2a56

      SHA256

      5de1e4eaedd32b7dfc4cb3331e13bd3f22e8f3dd3a22399a554445a4c7dd18c9

      SHA512

      34396b452845efe733c7f454275b90dfeebc3fbc4cf3a2186ae7cacb976695d27436901d1165248117d6eb348d6ec1cbd292d1c26d16edd43f00531776421983

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0cccfd06dbbdf3170914c3135e2eddd2

      SHA1

      da2843ccb36473d86c96fa0848df3614a88b1b42

      SHA256

      616f060c9efe876bafdb52103cd0513a682b40441e2d0eac6bb50bdb122bee03

      SHA512

      a172f59c8ff77d2db830ad76657242287380d47fd76f822d5fa5225e0dbff2cdc62dcd4a9597aabd3dbf734a95371eb4fda6a58b87830e75a392a518ad94c4a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d7f0d4f17db9a943c6ddf68ed4fa3752

      SHA1

      b72e512e25f0660350c5def979838c6972ab279d

      SHA256

      15a0d1c0ead206745148417af5d486101566bdaa1e4a41c187ebf585eb336263

      SHA512

      59e7b525955e6a3f932fc79117924c99cdaa052f5ef1bca9d4e255883f31ab883b543337ec419ca5cbdc82395682bd138184e1d4481c65ffe7df3c20b2b276f0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      494cba92db1ee57f2dc5e83806de0620

      SHA1

      472b5231ee2120f2f8f99b407c3dc5ef084a6726

      SHA256

      acee359e683ce48482843c5df1611cff05ac2c3f1198209732d2a1a996859f1d

      SHA512

      2052dfa2fea981d45a1652fd55410a62fc03582b9812fd107581d613116a310e560e4700097a7d7a5901a0fda2081a0267d791ac16496bcf6d33eb3a3403aa2b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e0f6727f8c615a1ff03e5f4c3676518

      SHA1

      8598098a3214b06d42e0a557bbdbe475f3ef071f

      SHA256

      47ad663b3ec2821eeefc940d198ed8ce500533449c2a968c2fc8228cf14fb79e

      SHA512

      68d3101549a7cadcae339b1a5e3ecfe5e1c995ec3b3b6f1a76f9045ce4de85db5ef0e5b8841b5d12ba8a12610e0b13f45396bdccc93f700df4cff2ad66518697

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b0a272627f3c55950b7083de6dd9b4a8

      SHA1

      d49f2ba0b4ef14304ce468698f38dcc46cc8f78e

      SHA256

      7fc8aaaa0707dd721eb6ae174a4058ac22a63a65904df8d63cc2137c235fcfe8

      SHA512

      03fae1b2eb4b9bf08a36c5ea775cce07458c2d70bcf6d186e789f1503a15d5eac1bebfc0b3665c0074822a87b91fc2e62964ed20cfde63c53bfc3bc89c86d402

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c0d94926f2649638d2245e89fcbe4789

      SHA1

      2750ee38bbbe2249dbe8b80ac225594b40a3100f

      SHA256

      c74797a40beb575157c4f1d9b3e8c2254863cdc7f1ccde9cb48fe2d52551fd21

      SHA512

      8a0f94e7b3166bb112be0c319712623a745fa487efdcc368f77f4d332860eeecf4a8e120830956f1f6000adaa3a9770da25f0b27ca6915ef08338991255bb4e0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5CF2.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5D05.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF1FB1A9CA0F639C9C.TMP
      Filesize

      16KB

      MD5

      77b55ec8828e6daa31d7b40ad06365bb

      SHA1

      921e2190370446db7a594b19d6c0842eac29a6a9

      SHA256

      db0cde0a4ae657e1abb8971b79dc904d1715f991737501a0adbf33cda0c52ace

      SHA512

      c77a6820c423ef401f2622dcdedf79c58de13e7422a725bcb02d9b652c8929024cf12143e78deacb7a87eb9953016925ef70d8fc9ec956dca214dc47c852ac48

      Download Submit

    • memory/2104-1-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2104-6-0x00000000003C0000-0x00000000003C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2104-2-0x0000000000270000-0x000000000028B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2104-0-0x0000000000400000-0x00000000004B2000-memory.dmp

      Filesize

      712KB

      Download