Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

9

e448ad197a...18.exe

windows7-x64

10

e448ad197a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/09/2024, 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e448ad197a51b7d2efe4f53477ada67f_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    e448ad197a51b7d2efe4f53477ada67f

  • SHA1

    45f7ece622159605955892c1c10597f46d026954

  • SHA256

    6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

  • SHA512

    94b3e081979141694e8843ac000257486291959e38cd0acf2086801fe5eee174d70a61b311004b33ad5f07add5eae0cd3743f42c009d5cd62ac405081004d78e

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerdiscoveryrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e448ad197a51b7d2efe4f53477ada67f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e448ad197a51b7d2efe4f53477ada67f_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2160
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3044
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:537617 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48bf38f09056554717d2c80d74fb3481

    SHA1

    006eb46e50ff956e6b32103f0e019ef641f75326

    SHA256

    7f65816bf1afeddc9d3fec01d3cf637e535d9471a4f72f329a6777fb4320ac7d

    SHA512

    6f00c4d85787da6912a90f64d2f85fb09cf9acbdbced1aa3cc0b16e49bd1429c77759312cc864d072aa0387f9ba3cb458a954dbcbbc150ec5b23323f8579d398

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a187f57b94aa497acf9d8750acbd5c2

    SHA1

    2cffabdd41b49b5772c6ea68b84b6e6404c2809f

    SHA256

    06772e27c948701429ecb60087778ca9c003acc21b32e44b192c82f08eabff84

    SHA512

    111820148509a81d7cf6a6ff2d57c0220a1c511875a957d6032aba8901ae4a5714969ba60ad62c556256beef09209e4cc2ecb78f5a354efad1c06a508ca6bc1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    daf2cd27d8a18ad605e58dd969a001c3

    SHA1

    e6d929b53a6bbbe302a05c9ad5ddf552f51116ef

    SHA256

    5423e63e5ef6c41370f08b2d63a06f5a48327d50dd30785a4308a2a2edcbde3b

    SHA512

    dc76e3e6aba724d84b0fa8f607b41b9abcbc7a8865dab55847d89b7d6ac9828e17aebe78bbeab4aa2f39563d869969df84b3077b2d80abf4204ce156a4701b6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e33fb986c94af6fef3daca8cb415d79f

    SHA1

    ef05d18ec84180a1ffd576ec059c1f9813e16c7d

    SHA256

    690602abf55683263b8b7152250ed2c6357222d14f2109bb317e5294c34ebbdb

    SHA512

    aa385c54c5d7a71d831d0ef2635d883da63dea9462a2f77733f25013f07754c2131b4504e32f0734d3d96e9978068122246290916ab24346802877d4e1e1fb08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b920bb46cbc800e405c68ecea7df9f76

    SHA1

    4bca6d3e2fae94dc2bbaa48cd0dde5d8f2fa08bc

    SHA256

    5d50a0630cbff311bbd2323a939a6bad56b555a07c9e03bd85d99e004517e310

    SHA512

    07de81df086760cd8e63e4f67b2414e43910e97bb5f2b03f2e9d55ba43ad53ce495b0b14021bdfe7916d22b4256d82a57d91f053b4ec9e665bd78a834910ff53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d26d95f618e7164d0811f42574cb6400

    SHA1

    d4fd5ec3b9f2b86bd09578cf0ad352191f588618

    SHA256

    691f899662a777b32d9c831855248e7957c0c9a149d1ca5141585804084712c4

    SHA512

    ab279ca216df8d2d24a65d2dc9383f1ca470c50a4b49c80aa30122114b688d1d41478975146d48c90dd61445fc9353405dca09148730da0b5a8ea96fcf48c140

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4c1e913850259d45a8d58e73b8a4040

    SHA1

    d902241eb77952ce96ffe96c3ef29e60abe2d728

    SHA256

    1386c3c341152320c1dcdc87d8efb6007c66d8f30b675cfc662a14ef2dc027d9

    SHA512

    15f665298326f654394d359d6b164808417d7ea77ed1432ed1c22270f5d56056e6665f220b612e4244143563f53070e9bf19bef34dec6443956ba2fc3dd3418d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6954fc95db0512ca3242444e44a56967

    SHA1

    a8b1203a986556665034cee781883af8ede9b325

    SHA256

    974e1d23141b74d543d0d8d6933685fe2c87e049d4e1798c923c47ce3c28ea99

    SHA512

    b5048d95375856f3fff1c9ea8de4572a6dd91b38c38e559f92aa27e48e5b8b22b42e9112acbfce393c6e852ce011671339b00c768d6840ba8212179bf8ad5671

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5f36ed968f5a9c78111c28c5151e030

    SHA1

    1303ecd28c385d1799fa5e1dd018694873bef4ad

    SHA256

    1df2de037795062d93d640a4c88a7c51fd81d369e15dbcc90f8bf12adc4d1923

    SHA512

    5473cb5bbdf85b0172fe3aa770a84c2d8e765ee724df6f7a75078a8322d957d727fb4b25f7b21cecdc59e2f5f0ab5a197856f8adb3eb182e2157845d06b54bf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b3feefa19cf1b316708bc65303763e2

    SHA1

    8e8e78898c2df17871e77d1b8c832fcc90d1bc2d

    SHA256

    bcc3ddce1421cfca1ee1225073f56fde9c0af01115bdd7931ea3dea56311e5d2

    SHA512

    1dea449411e70d8ea4ab73671b0960f9363e44623e271a7f4a1fc3e9e32dbdc7f23529cade1891b7ed1f0751ed8f86af2d0368f61ecb703f8714b1319f5f1bcd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    342122a78c94fca319d736c8685844e7

    SHA1

    1eb8d67e37fe3dafe17c246c5c3f4a487b3eebf9

    SHA256

    950dfb839893b519852afda63135b8dd6c717dd54ad27c1836478dc9feb57608

    SHA512

    423209d12e26a10a5e521153f753f62c6da66e3a23af5d11d1c9287334015579343da89598cb0249ac42cf6714ceb73ede19617d5df33ba3d547d687eab8ffa8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfe49d124b38686b8389295dc12fff46

    SHA1

    d947816efa80dc86f892093f74b4a7fed84e66f5

    SHA256

    a7cce70e818fb5920c4e80a36b137df839dc8ecd0dcef72b324c24bda4860c14

    SHA512

    23dc2663fa8fdea3cdd348c784b5009f925feb88460524eae0921d95a6e9de1c1f5f7f6780d2647af537e6ecb5f0bbe856535f5bcdf642941fd8ecaa819ee41c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffbbd55742a131461c3544855f87e372

    SHA1

    900b427e60593215e728e1c353dd17414811781c

    SHA256

    6c3d9a1eb01f69dad89c8723ac60086eb25d64e82414e6a17d496b0dc6b7434a

    SHA512

    95c3cc84c55579da64d1b5542410c313a04f347c5f8d87c5129d6ff0b160c2ab5e0fcd1b7315395dcda151ffd888cc417a25158ffebe5b8c034c8ebe014d8401

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a532b9e49afd4c893348005df1b6b31e

    SHA1

    10c510f1935dc3345ac7fdb0975679e4099d76b4

    SHA256

    14a7fd8a70e6f49fa2ee35a62cdea4ea015717ef1b0f3695aa5e46a4ef4657f2

    SHA512

    a038a14857260c0026c276c15013c195b6fc3fc1fa8b76526291fbc08f8d06f06d40e52f855332f04983adea3a246e2f55ca691b37e88f4a04bc0cf1ecb4d779

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23088954460ef5a392e3c01d3731fc2d

    SHA1

    9a4ba8ad27be9fc7ca0be97bd9cb108710f32383

    SHA256

    6596691991e7836aa5e023af1ea3473a45a2b7cb1a3ec773f0e087bde2ebe0ff

    SHA512

    6aab5c1460c72be79d0d471d81c4ebff82c8bd1d0574ce8ed3dd0ee7410bf26d59ac65feb37580c62aebfb198e96ee34e4812f79b8c606230eab78c78fdf900a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f1ab2bed85107ec3300a8c4a9773929

    SHA1

    bee67abdc5ab1ba8dc158ae02c3a70460810a610

    SHA256

    9b7b29e93198da430e1aac3498db0de51abf5e455fd6afba06242f7e014f6009

    SHA512

    bb6c91bf6ede81c9d2490f707c03aaaab5804338c8d8f300d1a4dd3e06b747e116bd51ced3168335191b6bfa8a1879f00c74f2e9f735909254f14809dc64946e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2801c5d77761b44dae54785e26a91897

    SHA1

    de00ce302d7dd2b8b0123cfbc124605e76482c05

    SHA256

    89f4a14bbffa01f25f72f9ae354260e306a08ccdad879facaf465ebf3f8f8dc8

    SHA512

    f79fe175db51275d27c3acbcc228e3e5cde30e8a4e91bb97b1edd0454304f37ecc22da8f1d08032a7fc471ee3b96956d1799eb622e90b587f6d9fc15cee1d8c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c38e4d918679de1feabce65f4f23b785

    SHA1

    6c98a9e092cdf70b9d93d4f7a854df02508d982d

    SHA256

    429e062f8b9c881a5b8cb2a3478e52b2e25946065b234a4780e570177060f506

    SHA512

    c3f0f5c0cd0827661d5f7988a5cb7ac57c53dffc7cf451cde4dc85438098ad3dacb82d0a43630658e7c141b5c23038d475e7f901da4252c6d192b8304695cb5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a51b045db0733043f569ad33870526cf

    SHA1

    a95c6f7063497254caa0eb7a10cdbf1f4fabab8b

    SHA256

    65435955119cd35e0c83f8f48bb9f78b1310554b87020c985750d565276040d3

    SHA512

    273254c5d50dd2ec234c6ab44dacc561e59f8451e4a996367d5fb83cb960237e3a764afc9f4ab0dbd6f2819f1e2927acd7a0d679c8bbf7e9e9433fb2f5b65b24

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\dnserror[1]
    Filesize

    1KB

    MD5

    73c70b34b5f8f158d38a94b9d7766515

    SHA1

    e9eaa065bd6585a1b176e13615fd7e6ef96230a9

    SHA256

    3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

    SHA512

    927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\httpErrorPagesScripts[1]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\NewErrorPageTemplate[1]
    Filesize

    1KB

    MD5

    cdf81e591d9cbfb47a7f97a2bcdb70b9

    SHA1

    8f12010dfaacdecad77b70a3e781c707cf328496

    SHA256

    204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

    SHA512

    977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab280D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar28CB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF79640B65E7204BA3.TMP
    Filesize

    16KB

    MD5

    2385fb9fdb138d98ae3951748abac956

    SHA1

    797b22b033151db926ba1805c607f6e2c44e7988

    SHA256

    6fb956e0addbb04b940ca5eb31bfbe1a33b823fae0a4a0657b20497392af1231

    SHA512

    0df9178b193ffdb88608164782d2b4fab05629dd21c78a93d017bd5ec001e1001f84ba72a135881a4195d086f1e070b30132435bd8a3b3ed45fe2835b3fccdec

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
    Filesize

    3KB

    MD5

    b9d0d77951a30e9346e346b673d16803

    SHA1

    a8044a59868a0c74890bf98e18705bce83376116

    SHA256

    f3bdac7bdc7e93b6a38e80809462028e0c560f3caacd32800cdd782ab4809f2b

    SHA512

    7f5221e42dac3cb4239c04f85484acd8320842d4309bbd9a85d24c547d9c34e73eb128033b94f225c77ed423f5cac3ac7080b8aa4f92f62c77be9e93edce2e29

    Download Submit

  • memory/2160-0-0x0000000000220000-0x000000000022C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2160-10-0x0000000000570000-0x0000000000572000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2160-9-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/2160-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2160-2-0x00000000002D0000-0x00000000002E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2160-1-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download