Analysis
-
max time kernel
141s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24-12-2024 12:39
General
-
Target
5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe
-
Size
208KB
-
MD5
35e3868c7d28d2ed87248077f670c707
-
SHA1
8e54a89fc59683cee86de964ec475dea9fc5618b
-
SHA256
5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57
-
SHA512
c8bbf7d192aff6c45005700014a22ea72832febc73b16ae925b339a356815b27bea3252917a9aa94e48fc05377b85bd1206f33c7e46fb17bdf325aff7ef40e37
-
SSDEEP
6144:mG5SEzzbTFGB7JPZc+mCZzw0SdBPs6nVC:dvPKBsC5wFBPs4V
Malware Config
Extracted
gozi
-
build
214082
Extracted
gozi
3400
microsoft.com
update.microsoft.com
avast.com
tm90daron.club
jamericohermann.com
b9437ariane.com
-
build
214082
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Gozi family
-
A potential corporate email address has been identified in the URL: 67C716D751E567F70A490D4C@AdobeOrg
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SetWindowsHookEx 20 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe"C:\Users\Admin\AppData\Local\Temp\5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3196 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:32 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1220 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
8KB
MD500b860f77e74252af83087eff62d8d8e
SHA1e531d0ca7b8c3cc3be8fd793fb9dccfcc65358df
SHA2567f77a2643e4a8b245dcfb69aff686b5795f9c55378ffd4a3726bd319d9b2ee66
SHA5129914f24931067316b023b67201734408581aeb47057ae5c5b4866098682020b07f2f619ce287f5cbfdefa91991cbc3994b8263aefc147a30d7cf905a705a5ff5
-
Filesize
7KB
MD5be87fd81ff4e82e7ed57b0c8951c66d0
SHA14a918234d3225b585dffb7b6d587acb3fbb39618
SHA256637b67152dba0b0b33c8aadb38ea7c86b7a12b37366c7183f898c36c222b04fd
SHA51287ec908135335b4074d412b04188bf05d00f468400d2837ba2ca1c77440b6f2f15ba648f2a8f42b1301d77df54bf2a00e59416942807ccd90e36f59431638de7
-
Filesize
16KB
MD505bbdbe06206c34376d833dad8af022f
SHA1951ab182325a339356e88877106574d09c82f18d
SHA2561baac7efbb894ac6560aa8d2bc431267ef417a7f1e3c1d909649c7159f86f35a
SHA512c3c669ed495a1d69e37a26bb309430f35b932050fa52fdec0d39db04379880df8a7273c11dbc6b3bbb90f16eab4a551106a5d368ef5041e0a045b694c9a420bb
-
Filesize
4KB
-
Filesize
288KB
-
Filesize
60KB
-
Filesize
4KB