Overview

overview

10

Static

static

3

07cec3757a...18.exe

windows7-x64

10

07cec3757a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-04-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07cec3757ad7218235b8e8c5b6237417_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    07cec3757ad7218235b8e8c5b6237417

  • SHA1

    c23c9493d07e14cc81c06176f2fc83db46522182

  • SHA256

    b5f09753495f464954880601781c3f02ce80fe4f66ecd32c72a92ca79c4a1813

  • SHA512

    bc94ed5415392c8bb0e9fa34e4a26caaa29818f488d4d6eda2cf6976d8490b8be9a7996f46add9f87bce7192e58f5a742f133ce01bcc3f7f7959883e66796be7

  • SSDEEP

    3072:93ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:97dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07cec3757ad7218235b8e8c5b6237417_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07cec3757ad7218235b8e8c5b6237417_JaffaCakes118.exe"
    1⤵
      PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2472

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      00115c1d81b42146e317fd6bc82fe87b

      SHA1

      ce1d5cfb00ef53e924096894d9cba1d78c62e157

      SHA256

      c6aa062a359043f75e390845baebbf1b0a39c4e6bf9b8ff0907d12d1d1927b55

      SHA512

      96ed0c1abaaf9afc05b7b5d269446aa9b1834c312aa4c734c3aa5fc7a1b11f7ff7c42b12db5054ddd14ca19b0678de4929546cbed129d8de040d72c17d501464

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de20952a5fdd9d8fca33240c9f48bd9e

      SHA1

      badb409d3d9b24c2eecf1cb871d5354b67c6a572

      SHA256

      09a30c0ce6c4693cca689e91903f428af962fff99fdf9daf0b07e5dfa5096ab9

      SHA512

      c0c4b44c60306734b0534033acbff7a25edecdd8c5ab5fcf74f0ba99b0a69b2069740eb8a15ea4bdd7170442312603943d746772a1e99324a8deb84fb778dde0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e82af91f6270180d4b20588839647844

      SHA1

      a9d418a58390d0007abb516acda4bab6a79cf540

      SHA256

      dcd1970311be3da2086e6af605aa3327510deb789d7611c95e203aa42ac053eb

      SHA512

      d1e8f83220738523698825a59b43c34726a92ee02b00a4987e165f961c71abe5aae5459c1a60542e241bf190f29e26803d5c7c17d0023cb60a645641ca545d33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c2184bc17657884ca3bf1a4554ec01ba

      SHA1

      812600f245ae745f43b10996bcabbc90a66d3263

      SHA256

      a6e3b5c6c744db31bd323aed82cfab6d7c253140674e7fc5818c7321c0bc4221

      SHA512

      04e6549c176a950ce09a746cdb70b892b6297baf23d4b316d84ef7c661bba2c4e5860e7288e8136f56f9042a90957bccfcf4ea7855d7bcd52d0cadb4dacc0725

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ad255c27ea17a6f4e5b2060065b4090f

      SHA1

      5db6abbd49e3a4c8ed39568e42e00d30cbc4a87f

      SHA256

      835b26f5fb91718d897962c152d8129cb31324f44cb79b52a7d255ddd64a3e58

      SHA512

      012b9213fbc466ca84d720ce2a2460da8d3bf0773d1612465c76a8e13210b99d14ed18a582f4f2f23ba8bbfa39bf2029e7ced86af937a0ccb456e0fb1e38e98f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f351913e6ea54c5071e65f9f2bfd8a1

      SHA1

      03945597250a95d350adcac11d6391f7d3b69ce7

      SHA256

      11bb05c10fea2b6a508c1cfb42220fdc9dcb477ae6f13a37a3084108f01675b7

      SHA512

      31fa02785f527ca4fe7b00f670e1db88c942c54f23ac0db4e18abac95a703cda24eb815dd7d528a405bfdfa4f70be078e7ab0e281830e99a3453006091b0e617

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cfdb5665d91c81ca1844e5d519c3b05e

      SHA1

      f49b253180bfccde9c55dff708f24c47f111ab61

      SHA256

      81e25f1e61c108ff964aac438b8aa6a5c6f56d4593f855f724ac87c082950bc2

      SHA512

      301ec46c4c46b3f6072a7b691236cba045bf4fc8d24140a796685c61b6aedc4d7717c4dcb01282caaec3136eefc09156487ffc87f465c0d15c9e1fe4c00c1390

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      49045aebfa34eeda246358ef6d662824

      SHA1

      ffb309468f4f0c1db4505ca3582776f52543579a

      SHA256

      dc8816c99d5c79a9af44e504fab1a1e1fd9eaff719c967acdbcc54c3e72d02ae

      SHA512

      d91d2073c0450a0c905cda74a3ec6997d7cab5d75908ed4f0e9940e36c91e5aacbe954903bbddf41d3a6e656822e674f968e9977b37c8075daa0e3ac92121ae4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4f2a0ad95eaa7771f7a515af1219c9b9

      SHA1

      3561f68fbd6ae7f607f114ab49c5c25a38443e83

      SHA256

      5903cb569f7e60e23ecc3633f11b9d9af93a7e3a14a7e680da49b4b4508b7494

      SHA512

      c9d82a11c9af5ff003d612812dfac399de525d16c9137f86fe9620b3a05d39d1a3071e26b8bc64db67d1b6f7e8786422d4ffe36de370cc4b9beb11b261e7cce5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5da02ef5a3d2c545790bb0940b1eab34

      SHA1

      77c1a60ee6ad98768307b5c167cb7d3564e03d76

      SHA256

      e8c26c1b9e809f85d34daa795fa1d295c45c654dc094ece45d7177a810dc2da1

      SHA512

      33ab96ebc5ae7a459888d5ef0fa17e8e68d3dbb671a5321f4214e4eb6a0a96574562748cdef3385a106dae28a8af4874e5fd39843cf29db055b83884100747a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      99312c8e831ccd53196ac54790abea1f

      SHA1

      43c7429ceb37d0c2f8f6c73595226b61ffcaad0e

      SHA256

      d6a3c96b4a9b46769be5aa62ad761576461b3464725921dded4e175aa092ec31

      SHA512

      58c1387f8e065855ce0d18b1f15a1796233b282876389dd713dd29d54060e690ef9d83804143581441e91c6ba2a5b339b7ef1a1e0971483bdc845fc3f715e418

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9474.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9477.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9538.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/1652-0-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1652-20-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1652-8-0x00000000002E0000-0x00000000002E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1652-4-0x0000000000270000-0x000000000028B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1652-3-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1652-2-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1652-1-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download