Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e2381bb591...18.exe

windows7-x64

10

e2381bb591...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2381bb591d8104e5639c61751d5682d_JaffaCakes118.exe

  • Size

    376KB

  • MD5

    e2381bb591d8104e5639c61751d5682d

  • SHA1

    16d062a84a29e9510cb69c83e536b21441cc878c

  • SHA256

    dc1f57e5ef69133536585dcdb45f2992281288e8bce7980d27af774b6f3eef98

  • SHA512

    fc66fb58b00dfea88aa4b128c5f0ed84320e8c8584ed644f66756ede2dbd953a812d73c441a31e19ebc3b5ec3ce848dff7afc2c6f44e92fa98102be61b862802

  • SSDEEP

    6144:tFqTpMmb37r+TiZNAqMRQzRZZxKxMFihFAzixQuLNMEC:t0NDmoNAF0RZZxKGIFAzixQuLN

Score
10/10
gozi3193bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3193

C2

fy76qn.email

dst1894.com

w40shailie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2381bb591d8104e5639c61751d5682d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2381bb591d8104e5639c61751d5682d_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:904
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:3224581 /prefetch:2
      2⤵
        PID:2548
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:3064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:1656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d15c68d3ff56ec8ff80e3fd9d0110c54

      SHA1

      fc78eb7126b47ebd09d855ebe59ae5563f806308

      SHA256

      e7ba2d2fedb47ecc96e5fb219f334b88c999da23b1449fc13f2f585768bea090

      SHA512

      555cde7a2c483fd617dab9be2df35d1658bc1ff911fc9e5e614ff8493fc74f9a416bbd0249644cc486d70aa5fedd1fe4740a34d79480b0bd8bacc71d638a9c96

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdadd56a753147a7f6b4de3d9608bc34

      SHA1

      6bbc5c70aa92e9d4a6f89f48b63a41ce7b586b30

      SHA256

      13f807ea9a2bbcb25b91e5ab0ecae7b1209fa4508847495045b58ef16210d864

      SHA512

      bff8c6f56673cd57e9780267ac5683231ab74e56b0552b3d2d8bf930dbf9f5fcc2a851e2ef7abcaf67e2424d7a6d7a3712894a74c6418506aa824d21e0a80f11

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3baf8090321a5548bdd2f8ee75c7b2b3

      SHA1

      0ac2bf75de3ed8ad3548d7bb1a18598233b024f6

      SHA256

      9ff5469fed896b9bc7eea53a58c9a5fd3bc72dd937b28361950d1aed298d8222

      SHA512

      6bf318436a6f5f67b1b3209c36ece7fc887265a84ef8f4a9e30eae309459e36ed2b3b05e1764ee10abd4e619cb6f004fc33ef0a2f4e57182cc473f7cec481af8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d159e6352307a2df6cb41e2e6749240d

      SHA1

      5aba15058e33fb9c0d04662c23a78774be87779c

      SHA256

      d99a45f9fef42ef384edec85200661a6a5375b5af97268bfc8995566def47514

      SHA512

      43c2574352eda8222c7bd34dec8282af840d6e0755fa05d9070edb1d662e874664b18bf39cdc314014568ba2d1d99dc76e2b3744319846bb46c31632a964776e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ddacdb4b1db207b482a7b21aea665fef

      SHA1

      b6b6dd688944f12ab266a5abbfe1a327fa9142c2

      SHA256

      43a0136e07faa57fa0fdf9b39ae7916f621f97e9d93186acd3d693ab704f8145

      SHA512

      582151d7429849ea5013855f066f072d344efc4ce5627499c75a9e05fb2838ba50cae6cc9cc94af4e8b78f88411d22b09602d3cdc2d57a6bc6dd746671d5786b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0220249eb755835c4a1d61f72262f089

      SHA1

      f93de7257cc6aa6382213e029675b79ea0941561

      SHA256

      d716104906b263aae44e001384558b1b7c9dd23c7ff3028710e97fb607986fb1

      SHA512

      e10da63f1f0227057513dd65a520d311a9e7422c2827b6db3fbb765d7dd5acc93b401e844b1ee28b2c44c9a98c8956c74d293130fc3bbbf8051cd437ce79cc08

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      351992e82bfe47c9f0911d60939d26b2

      SHA1

      8d035b063a7608e3f2fbb82245f0fd81bb76846c

      SHA256

      75476ae0d5c8be6038ba71e30492ebf8c95235904ef5ac8397658f38bead4118

      SHA512

      1b9ed20ed23e1d562a0f6a385118817bbd27af88f31b7437b7932090cd8bf573a2f6c8d226d393718d346b95b64c61735a2f47e083ac479bc1f919a53832a02c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d07b5a69bf79081e0b324a946abf0742

      SHA1

      a55792d5f70a29e21a2f7e3f6d31cd235fb69eec

      SHA256

      db3a64dbf8201c09a7c339f0c0c39124fb8a3b1bd4b54cea1e6e500eb496cab2

      SHA512

      5bb30070aec46db06cbe047d15720aa392dd6372d7d8dfcb169bf7665b48cc4521d5b5b6d011dcfffa946ce0b914423994c10d88bceb4d732a6d3cb63976d1cb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab65C8.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar6677.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF0DBC57EB52B2E539.TMP
      Filesize

      16KB

      MD5

      dfcb0adda7998b075f01b23ba8443c5c

      SHA1

      5d3c116fde99e44fc9d737271a35e58d8b681982

      SHA256

      0f772701bd5a5dc3b860f23f8a9869c5083477b2dfa2b890359e75b4d81798ae

      SHA512

      6902c8e1026796c9d31ceebb5adc14dea59f6fa9b0c75b5bed1a300451e672b2fc9547199283c30841a4b3702b5f4f728960d519e7e3251bde2f48db73ab7577

      Download Submit

    • memory/904-0-0x0000000000080000-0x0000000000081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-7-0x0000000000420000-0x0000000000422000-memory.dmp

      Filesize

      8KB

      Download

    • memory/904-6-0x0000000000080000-0x0000000000081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-2-0x0000000000290000-0x00000000002AB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/904-1-0x0000000000BB0000-0x0000000000C17000-memory.dmp

      Filesize

      412KB

      Download