Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e1f2351925...18.exe

windows7-x64

10

e1f2351925...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1f23519258c80db3fd90609787a5fe5_JaffaCakes118.exe

  • Size

    648KB

  • MD5

    e1f23519258c80db3fd90609787a5fe5

  • SHA1

    89bc37f27c5debc170520859257c8d119e10f6ce

  • SHA256

    81a3856d76c1bbff260542bae3092ee387abba4a80dd0c86619a86718ef2303a

  • SHA512

    e1e5152ccdf5ae16929f0ce8496e8815887cb6c89796a4a9930cd1fdf4ff5084343878489dea27b671161a37638391fed3055a257638db6c66dc0f5c8fc3cf69

  • SSDEEP

    6144:Q5mTETUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wET3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1f23519258c80db3fd90609787a5fe5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e1f23519258c80db3fd90609787a5fe5_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2052
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2608
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:603147 /prefetch:2
      2⤵
        PID:440
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1336
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1488
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:1900

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d351954415b8fa20af5f3ef76d305d61

      SHA1

      35dc0c55db6487af0b278e0d0ff51c913cc8a492

      SHA256

      cc29f64e08104101768f29d461f1236dacf73c2c0102eead08de47ee4d543c66

      SHA512

      03f215a4a9a0b98e7037eebc060697a779e197538d35b6c8ca7ef05bafdf0587b2f64815877709e42a8ddc57fb93960d31caea7b435cbfa5d02b6006c86e0bd8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4773066b51c4260aeb95dd82b8d295f8

      SHA1

      683a69a6f3f26cb36f1f90829666bc44e5a14b3d

      SHA256

      583b0f93258181e2e9f760222603e685b155a70fe88d16bd683e9043f1850946

      SHA512

      dfb3252f7ca6728a63eb46b2de72740e7419899bc393154db2b6fae9005d72b8da4d90603bcf6c914e7dc4efc15ad2637b89b060f1f45f04f43255142645b152

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e3ed20d3c8a3da09e82b3e46ce008033

      SHA1

      26071417e0e21c8f26398977d8fdd2569e16955e

      SHA256

      52be3f197ba761f3e61bcdb6ca70834083130db3d217f3027ca20cc88cef06f6

      SHA512

      0a2e47ace9b003606a53ce9dc89cfb959ce7ba48797815a59ee5d4500ec3c2893100462a2745b8943d9ff6b84c6dc6b8b80a9f751846378ff4d195f29bf9ad76

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ba4b10ef63181079798aa0b10ad834c

      SHA1

      93bc619680b2faca8af750d2ba5f596f4fe358af

      SHA256

      29ffa061645510db1fc66f7a4ded5f914b068400c8dfb79498a041307e770b1f

      SHA512

      68e37fe2b017d7e2526bc22edbec6ef8afd7bbeefbf680143f41b34892627c020e21ec191a99f17a340de98038c8e989773be8d2559548f57bd94067633ed9ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4f75d0fec93e254b07780c62c02f66a6

      SHA1

      fe045d8d621a5ec69e18e3e29c81cc8136ab01be

      SHA256

      120f674d6ce816f5f16fb17609fbbd18dc021aeacd535e28b083b037a8f0bfba

      SHA512

      960e8bd1221d17870dcd62fab6d07c5dca46d5acb25beaf50a18c0c92d945f72c12701643daf30ff54068ad2741616057fa018480de0c60f83c73440bbebc5e8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f2e2d40e2e573e060249173178e893b1

      SHA1

      6767c4c0c300442ca3d229b8ea48a8d741b062a7

      SHA256

      e8a6c7b9742c26fa25f2ad16e66f2762a8275c21e16c868d196b26b3f5001d5d

      SHA512

      f0bfc54130f69a5a259f8ee7ba161018943b27e003bbb61c46d5e821d5749096595482428df3f612b77ddba13f24296643d3fa8b77f73ede1bad804e134fc397

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d54055bd99e3ba3bdef9a41aa3003470

      SHA1

      7416c4a55505b38fb1038f35d461991f2ff68291

      SHA256

      66f5e05a3e8d08c9299d69b4f3cc5a935452d619b6022eae0c57c230faebdcf5

      SHA512

      bbbafa91b2f306875375990b3288b0e7566f73d7f3141fe1bf08a40ade3150536e42d08e99d0cd6beaaff5a51a1c846f03bfde2b79e56f5d15553c3a521886b5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      433c80c26a70f7db1e4656417eb0da5f

      SHA1

      8d613f065407ef0635469a2757a29516a7397e10

      SHA256

      26202196618cd0c80026b1285456eaa8b41018380927e58438659591a44f5c17

      SHA512

      492d346e56839e018939dfd28854abbaa0bd24fa6a2e8eacca07b6e7b3fa237ea27f8cd4e7cf6da5103b0fba662b693fca27fe66e67cc4b6540b2674eb0e6284

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3fefa78b0c33f165b6f08701f50df5b5

      SHA1

      45342bb932fe3b279fe9df82db0e08a813c8d3ba

      SHA256

      a138079650c0752d89e1bb3a1031f650051e4a6185f9dd7037f3659b72f7c62f

      SHA512

      0656cc30788ca5a5ce864ae5d2c29dd647129683ca62e74eedea467efd5e957167270145b604095773dec09d254cd2cc251afcea754dde27491da0117bdaa516

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2AAA.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2B5B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFFF99FBDA41D445D6.TMP
      Filesize

      16KB

      MD5

      e62b44a09d02e8a81c3578393930e8f8

      SHA1

      c01327bcb5922f4ad4a827ab98094f5249c44be2

      SHA256

      c1efec8e5d277d5894fa008c0773a3af10542cebb8a7ef9c1b0327acdce81268

      SHA512

      23c95e1ef1d6edc358c41cf98f493b32070ab045dc34aad996e3460005c6dbec88e763b8197e0454db7a83ebfe0ff6e2f62f2cc84ab87333a3c46be3b7939b43

      Download Submit

    • memory/2052-0-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2052-1-0x0000000000400000-0x00000000004B2000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2052-2-0x0000000000390000-0x00000000003AB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2052-6-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2052-7-0x00000000003C0000-0x00000000003C2000-memory.dmp

      Filesize

      8KB

      Download