Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e4d704b068...18.exe

windows7-x64

10

e4d704b068...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/09/2024, 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4d704b06890e9cf90fad4f5360442db_JaffaCakes118.exe

  • Size

    648KB

  • MD5

    e4d704b06890e9cf90fad4f5360442db

  • SHA1

    1c91ccfdb8ef91c73ff12de81c227354df5df8c8

  • SHA256

    254f40367a05ee6d608022ae2bd7fdc7a9e47a1b1aa4dd65b5774d3f59709693

  • SHA512

    1f324c496837c49699961190d63dde6bd700ab4c9727805002bb7668a1fe10c2bca4a4ffedeaf2a552605e88dc131b85e70137d19506b1cd6921d33e69beb7bd

  • SSDEEP

    6144:Q5mTEYUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEY3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4d704b06890e9cf90fad4f5360442db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e4d704b06890e9cf90fad4f5360442db_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:236
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2640
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:472075 /prefetch:2
      2⤵
        PID:2428
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2704
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1712
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:1412
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2372

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8b0f2f34fa8de3f6c7ec07b0cda95365

      SHA1

      6c34340e08f6ea516d3d7b2a23e9350c4759494d

      SHA256

      d3067037b77f3b8815c09346a7a2658f2c66d8c112111d108594124c4755954c

      SHA512

      261dac2f9a194c5d081b43af70cee379aff761342b3847217f304287fe40ec82261ed44cd1dfdbbb349228b64197acd42623999ddfddb6beb8749536a0b25f4a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aaa28f2ea13df09c6db40eb4b342b716

      SHA1

      4a6bfa3496c0d2f11f95d5719c0c636b5a5e1bed

      SHA256

      4f2ce468e0b43bf06d62787874243671f07eadd3bec5630fe590d9d223d947bc

      SHA512

      f391e632ab4724d8c0f19bb43c6024d75caa41f7286a3131382f60a80e52c720b16d2a4c2b58bba652ba0d87fe945853f57f5898eca87f3b4fea966b6fe379e8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      44c106d1ff85d94c60b48257150dfedf

      SHA1

      47d4c9d87c77e23d503293f271c2b5f647580b7b

      SHA256

      c86d722cf00c2be05d8fb61ab35980324e70a3359ea30736a846fe2c6816d3dd

      SHA512

      ce2b62af98db626f8009cbd5e2e78c963a1d0859c7fcc983dd18b36a9809d6861aa81f8a68088cc080d3b68779934c2dba5b7222fafe700d7c8f549fe823a6f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6e934fa3c3a27b84dd2a2e73956d8252

      SHA1

      e4972f30ded03aa7ec2ae8fd4ab9f59b681ae07e

      SHA256

      f29ab70ed15ca92bdf93dd5f480e15f217d03551a3512279592b00c1425a8f62

      SHA512

      8ef937596a127926d35b0deec5a80a4cd302eecd6c65cf8ee7cca583b46c51769ef9dbadae4a2c2f1a1df13a4d0b64dbdc3ac8bcba3d1d5d9ba706555c0ea251

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      69888bf14d46f15f940dbcb293708779

      SHA1

      874d4728daba5c6f181d07e06135c002400ace4d

      SHA256

      faa8eadd98fecb07eb55bf61db3c756bc950648cd3392466afc2472c10ff1b35

      SHA512

      cdf3d711f362a7e6ea107e40e84b7facc62057979f9afc5cfec35ed270b5cefe51eb2d45e43dea0678380f962dca0fcc086d72ea5a94b15fa0756d55806e493e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3de8c073b88207b1272a452b4dfccaf2

      SHA1

      39d3726439aca1c2a62b8365ba5514cad71e0a4b

      SHA256

      f47ed908296e0a8e5c5ee71a4c56cc01f5b8bc58034dfd1cb2e848db8841d2f0

      SHA512

      3c0f3f25e8915de3f5eef99515dc1c19e7179cf7b8e6c568490db81d0367b32cb1704aea08c87f6fba3258a7f4a7c69c466b9b84d415cc5ce0bc888ad047546d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8d904e5d79e488ce77313950fc781828

      SHA1

      25eacc7862b0339a81d221d0d49df2bc5f045fe0

      SHA256

      a69b439181fd4da9344f0417dd5c4a42085381938ef45de456237013719f5ac2

      SHA512

      278b5824d6b95a50aa9be6276acdf46dc04cd5d6af5e342032e60098af3378a35b87fcf7f3081d92f73d83eb2ed1e37380aa1293f74beb7f2aad51cdb657d6cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9d7322daa2229dcb683d280f8c305b75

      SHA1

      70b96945c4178693c3735bbcda163126ee364bb3

      SHA256

      f1b4eece858550f0ef77e80689d39460b4339a2934f83dc19ac3179fc691475d

      SHA512

      5e00dee06e68c7b1747284e97b109d424a3c2056bbbe398786e947de69f653cd5f907b5316b21e58d1a7b28c941097fe981f22aa660390a41913ab6646dcc68d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ad6aae0e633b98d5643e7b1034d6120b

      SHA1

      97c1233c1fce920b2a82de1fe09e938bbb6512ed

      SHA256

      ed6a5b1a219bc44cbadb523a949e5de491310214dc5a9e7f336ec1fad1f00be2

      SHA512

      e0ce9abdbbb32c239c12c239240e84c5826cc490d01cb9f4cae6deaf4325715aaf1e45a651bb6ec0f76d7caed74d6b4648ab58a2c097c5bbcfced6d021d6fe48

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab30E3.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3163.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF69B741B078A22434.TMP
      Filesize

      16KB

      MD5

      fc6ba542a717b1964307996800429e43

      SHA1

      c02307ccc6e6fec3274658c56154ec0ebcefdfc9

      SHA256

      b7d910663da297b64a8431169a21f55c4f1e955dbd56e86f83adf21d8362c3a9

      SHA512

      b7fdd386346d99aa6963be0b1f93fdcd297aeb96491ffa12f150b88897472b1f4133ed0a59a9a028d5feedf6dc5fde61f43e1d88de3bc22c3a7e3f287ae2518e

      Download Submit

    • memory/236-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/236-1-0x0000000000400000-0x00000000004B2000-memory.dmp

      Filesize

      712KB

      Download

    • memory/236-2-0x00000000003A0000-0x00000000003BB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/236-6-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/236-7-0x0000000000530000-0x0000000000532000-memory.dmp

      Filesize

      8KB

      Download