Overview

overview

10

Static

static

3

04613f7bf0...18.exe

windows7-x64

10

04613f7bf0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04613f7bf0b8c87ef1cb61496e00f2f8_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    04613f7bf0b8c87ef1cb61496e00f2f8

  • SHA1

    9f76dd0aa8d55ffdabd88dc7d54480bcd77427d8

  • SHA256

    37f076e256c80fd0de0979f054b515664b2ec0d580471ffc6330f90798c2554e

  • SHA512

    b99721e1af4894ea62c661d58c26188224793bb7e6b5a118e69148b0922320a9c71cc81d6082af77a140c53aa5fd99f0a2a3a4651a0ec7ad32d024e8c9e2e3de

  • SSDEEP

    3072:9Yji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Sdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04613f7bf0b8c87ef1cb61496e00f2f8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04613f7bf0b8c87ef1cb61496e00f2f8_JaffaCakes118.exe"
    1⤵
      PID:2228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2304

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2dc26a38c4fc83d4a8ec26f1ccd0eafb

      SHA1

      b4e09c6ab00f45354dd2b1f92515e3989dddbe11

      SHA256

      bcf0db44aa325f3843fd15a0adbcbcfd7b32c2f00d6399046981b1d27585e550

      SHA512

      d5c9cb59830172eedb7642eb628b8eceb894c5fc56ed0c429b6badee47ac6e94c1fbabdf0af2d0f73329d376d3b991879f68cbcf586833f154314e50193eec63

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a9f5d0e26250290853b5e105df2d7a3a

      SHA1

      c805be921dd832d351526e0b1eb0e277886c2311

      SHA256

      e571f27ef99cb769ffe6250a6f1e4dab80231baacda0d9ac82e189d55e0b6c7e

      SHA512

      de19d9a7320bf29439253003690024e55adb791fe3b3f8178fd15989d2b60e4aba615eb37f5579cde6cd6d14dee4425841352fd0682bd95d95547bd40a85359d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b6e2781acbb972c979aade7f1cc4c84a

      SHA1

      881e1152ab2c086cf4a24b482f492579b996eefe

      SHA256

      c347305360ee98d4ba12ddda60a5e1790cb72304098176f17f8bb710a2821ee8

      SHA512

      dfd405a037194c3f4173c8f55dcca6629d2c09402ba34cd2c89130922c763344dc8d09738a6db7e431b4ac46e85949716cd0091179e0e50bc653c4e1a1ab8e28

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c1a66d1930152c0bd26475aaf09d41fd

      SHA1

      30c4d41c245af0f2bceb24237dda018ef861079f

      SHA256

      44a6f1567ef880733571ba3b68db6a1169c76503c66d631c8973364ffa16e090

      SHA512

      b28d6f7d12509a3f7779422115e5429f9a25d6e8d0f4f833a2c16101d25d0d60838a1d734825d59936fc62f28294ed5f467824ec4f1b42efbabe693745432676

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      175baaf992feb3ae80292187935b5ed5

      SHA1

      71cf703bd7089a99d2af55eacf966b14eeb759d9

      SHA256

      60fb46a8847b0da16eea4d44dd67fbf11fbd3f4c9aecf00a201df4b1de3c4272

      SHA512

      b8e38a0fd10d8fc6bcd33ece4d833135da4e2c70db48962cb59c4bc3da6a90d3c601f1644721d1e4791afa0c3adaeee6770fe6ccecb51ba8a95a7f6a18ebf655

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ee3d03d781e12998eda013841ab7037

      SHA1

      a16b0fb51c2527f70d4c3476fbdb338c399d69ec

      SHA256

      5c23d8921d8d3a2922dbf6aa910099652e8d42ba97223140834df42a77255a19

      SHA512

      4d3565e1292588260aaa75235b81a7998c400faf456d6e5e75aeb38b472344681ad3c36ecd86092ad8a1e86447c8f7e7f5b7e3d00dfb3a43a73632ae0f3d3e4f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67fb0b1343a506e5eaf4bb83d56ffbd7

      SHA1

      7d3961b14929ac92343bb6a29625e660dc6c395c

      SHA256

      f437a6ea1b78748faef4860dd2b127d250a1b889c273e8a9505b5a0669ddcc6d

      SHA512

      4274d4cd956c45b7c77b4dc2793f25f53ad9b380e40461859eac6f5b3657594fded6516e882abbbaabcfe475c9eacd063bdd1d8745ca89b5b1e2c1485bbdd9cb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      11f6de1947222781b393394d8e41385c

      SHA1

      606465d17bf65f59244cdd0312a7d811d058e0ad

      SHA256

      5a0875f0961d422e7527e115933bcec577eedfb2c9f9b7109b19e72a54191f5e

      SHA512

      8095cd0f1cdc879d12c50439379317f9a661081d6b11f999e742371982c04f8f4942adc15f3ed1962121a5cf295b74da71bdd82439e7daadc70c3767b96e8fd6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1797fa10d91b84681550b510b606ec4a

      SHA1

      bd0741e5e87ba6f2ae5170872e37e6427319d50b

      SHA256

      c66bd534d9d4344189faafd266a49b78c106518b0e1c6880fec9bd3f1439efa4

      SHA512

      3572d4534f0d736a19625a2caa731ef0100cd457bf427ad8ef389cf5344fc65f08cdebd3910fa4e4d337f88a5c8f112de82a7302dff78439387e9681897b6a18

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7E84.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7E96.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7F38.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2228-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2228-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2228-8-0x00000000002E0000-0x00000000002E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2228-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2228-3-0x0000000000020000-0x0000000000021000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2228-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2228-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download