Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e18f4e3a6b...18.exe

windows7-x64

10

e18f4e3a6b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e18f4e3a6bce5cde83fe10e2bd4342ab_JaffaCakes118.exe

  • Size

    201KB

  • MD5

    e18f4e3a6bce5cde83fe10e2bd4342ab

  • SHA1

    7b187849c9a30851e32425a6c093dcdf3663cd8a

  • SHA256

    755a5e7b70f95cef2f6aaa2110a3e9ea4d8b582f693e247ca81e03eb57eeda0b

  • SHA512

    48392de9828f352bed05befd8497ac1ab4e92c39f72e1489a9705f3da9dd7a507630f64769c9e60dc6fbd7e32fc9f6c301bcfd102d460396809b858053e5b04f

  • SSDEEP

    3072:T6gU5AEvVUVFmbiEe/AKKkFkOO+kAWXJCTdwxQJaE++SqMHcuxZ+rNwoq:+hysilAKKk6OORAWXJeF++zy0S

Score
10/10
gozi3126bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3126

C2

cochrimato.com

dinagetter.com

alogencian.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e18f4e3a6bce5cde83fe10e2bd4342ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e18f4e3a6bce5cde83fe10e2bd4342ab_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2360
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2596
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:734213 /prefetch:2
      2⤵
        PID:1528
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2216

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      378a0abc3a39d883744439fe5cc59edc

      SHA1

      84fa1bd3694923d70b5c7b03ea1d0ccda417d032

      SHA256

      3dee658a9f926f89cc131d6bdc248a0b5f998f44a7e0b49c900defd40e202ee1

      SHA512

      977c51c04fce2212eec3579fdc3b3ef287469df0ba741dbe2eb395bd9cbe444c234089d0c17ed3b3ef36e63fb0544bbdba54d345466cb941b770556fbed6ab97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97dd4668672a77edec3ec9d34fc81d2f

      SHA1

      f0e89b8904e555eb21722171cb4d5ef49c201916

      SHA256

      990128a5f474404821b88f26a6e4570d4815993b8999f51cee52d25aa09816ad

      SHA512

      4d8d2393ed88a31485f995f390301c63f62ccd45cf03d1deec6f440c3d99add114b8ce651a5f3d5fb2e5ece51a0cc2b1dc0d00ff7f64d4a131b74552a40415ee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      22e04a184844fcdae5e518321baedae3

      SHA1

      c86e1549085b35f70e6ed78b12f883e89bccc47e

      SHA256

      9d674c6e7f0d7b8f77fe2ba0941884266e7fc450f70e996731b50754ad804943

      SHA512

      a21886f5c360719d5aa58838bca26202b4ce8eed103ca85074b54ef9138679fd0e83ef9075deb7041c0d52c29777dd391f8b2d7af6f0c0f495b5e3fff8faa1b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      acd23dda11d022bc54917482551edeb2

      SHA1

      abc67496838139cbafdaf31878ddce1072d67fbb

      SHA256

      ec43b782c3f9bd8e0c5378c050b57a03acb721a6863cb85601f570df2edf45ae

      SHA512

      a2bf9425d6286d221383024a4b3ba980815155532953632bcde60aed2182479a98bec00745ba3dcd6a98603f749fd44a8caa329c6df752a318b22b3dcac557c8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      acdb99fd7ffe476ffb54906b89814fa7

      SHA1

      70fc38bbbe7dad596714c79040565c74abe5987b

      SHA256

      350d313b83721b28efd2d37d2e178bc840b41db15fddf21d1a688b8cc5796189

      SHA512

      762613afdd365a3c831339745fb6b15fe448cdf269438c2e457a28641e73fa80eb78b60ea458526d28ff16c3fc3d472389207f9dced6722a0d38e8fe5bf17e5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      26f2f5e3fadcb34cfdf74da44e47c2ea

      SHA1

      9a358f3c5c71075c6db09b8b77c3c1b9ea1d71f8

      SHA256

      f80572aa8b75f3dd39d9f9299cec569b4ae1acb868b494f82343954864f14666

      SHA512

      38947017284145888411c82b62f2f3a0e2993bae1c81686506c4c1e2d640eceee7f4d288bbdd78f4d1534e97483e20acb8fa80889e2e445eb6ed0ddf5186f251

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      007fb52db946a054ad92daedef34e836

      SHA1

      3ff5af30dab4f23f470e8dbc0beca26ac76c7160

      SHA256

      82cfd8becd00cfd55c16547795321409b4ed535435f41ae6ff7635753330b391

      SHA512

      a5788ccfa4c1e86b2ac8aee0de83d5a8c449306d68125c44789c7bdd5db08771a0fc05de049c6b406b9af4ded01abeadbcc9b09274ffc80c9779c8be29a785a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      70fce2df4b10b08dfde375b7a5d52281

      SHA1

      400a72bfd5944676d33f45a0b77973e4f886e687

      SHA256

      d3ee826cb175ebe6005932e841209cc5a2fb0d8466d2449760249a6dc5f60678

      SHA512

      a5cf68be04c766003460d8289a09adf440ef8cf48699c657d16b722b4ff2dd57459307c3f6e9c5574a9fb900a88384795dffb9118fce0aa7e5fa9ecd32dfb4b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      01d9efa53a0cd35049bbabe94630aae5

      SHA1

      699651a954709c779fbcb647f18eb668e5aaea65

      SHA256

      c4a0d4f89887869e60673e7dcd188f31223af39159f5cc4a3ef6cab097b15656

      SHA512

      822e766f56684a08d64486b9e6effa3a1b4f6d737adb4372728aed181fe31c04b3f2b9d8e2f885b7ea7c72b50fa83d435380795e2040b4b7f5ed36da4311fce5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabEC73.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarED23.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFAAABEF9E771A9402.TMP
      Filesize

      16KB

      MD5

      c21a4c99efebdeaafa92ecf5f621952a

      SHA1

      27c9aa6e2f5f3642f7da9ae6402042e85aa497be

      SHA256

      66cca76e8fa127c03e41a736d68851591ea841f235ef62fc1d186a2201548ef6

      SHA512

      2fcf6224dfbf8c3f494f52bc02110bcbd61f54cb0058fd28638b5376084b8d8b6674b52fe723ead2876c481a12e45b841e88a1150204715ccccc468117b4e8dd

      Download Submit

    • memory/2360-0-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-7-0x0000000000320000-0x0000000000322000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2360-6-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-2-0x00000000002F0000-0x000000000030B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2360-1-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download