Overview

overview

10

Static

static

3

0a9ee9adbc...18.exe

windows7-x64

10

0a9ee9adbc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-04-2024 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a9ee9adbc1c1bf1fb60149b97d00394_JaffaCakes118.exe

  • Size

    547KB

  • MD5

    0a9ee9adbc1c1bf1fb60149b97d00394

  • SHA1

    ef0d587b1bb2a482d638e6bca8688b4cea40a4ab

  • SHA256

    7ff4220ec95d663d1fe715ae71d0f0e78af0b6b983b702523d5ab8940a611183

  • SHA512

    62ba5add5089f4318e6acf9d57f45aacb9ee1e47c0bf7c5a63e1d6b07310b238c8f654588e5ff6a667c835582ed103612a8e11b44d0bc29bd59b351f0d4b63bf

  • SSDEEP

    6144:uVJt7IsATy65KJZnF/gYdpOLwCF/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpm17tKO6asJIgJt

Score
10/10
gozi3187bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3187

C2

qrodericky94.company

g77yelsao.company

tromainevirginia.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a9ee9adbc1c1bf1fb60149b97d00394_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0a9ee9adbc1c1bf1fb60149b97d00394_JaffaCakes118.exe"
    1⤵
      PID:1312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1832
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1596 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2144

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2f1740a3ca1bd575ec07ee8626f9b797

      SHA1

      64344ad2e18b357191cdf81000a5c50a7a302f66

      SHA256

      dc6c6fc6445ab088c522ec455629c0c63e05933c147335921e8870ccbd14d8c4

      SHA512

      e1b2ee9fe7def1f49b637bec9be0d7254d0f46a0bb349095ea511c36c352f26a403225423d9eb61c5a3f6127312ab6c30142687ce9dffc591c24c06a953e7c15

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a5d87ada0c47e99b3f922e9b32ce5c87

      SHA1

      4156cb022bdbf4ebc8604d825405a8ee4fdcb7f4

      SHA256

      ab22032e7863d23087e3170f35b4b993af78611094230b0c2ad4d69187abb021

      SHA512

      93a2e3f62d4b0d75ec79bd8c56adb065aa40b4887b1908e9cc60f802e37872e69a0050d28820629cce8e7db84a08fc79af29f4aa92804681ed7421cf1a7bbce8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b94a7e54167f592c354de9038c520bc7

      SHA1

      2e7c1ed7b03fc02c15801501cb46165eae34a9f4

      SHA256

      e83e3c77d5aa497a986b75cface795a5bfb1aa130019e1169ecbf836fe662b5a

      SHA512

      fc01b82f2a5d34eecbb84680889486bb7325cfb5434a466588c756ad33f24fdfd0aed2b6a5fa5a26fa1a78de2ab7da6fdefc954d0bea7eb0dd0ddd6ec28ebd0a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ff8eb956e735aceca7f10dd715ca9e69

      SHA1

      638ad5988e0084ebc14775d4e1d2e6b30cefbced

      SHA256

      905de98b10246f58c04bc25f8c8f0e3ad1cd7470ac331f5ce40830089ec10d2a

      SHA512

      9c1523c85d0ae629156895c85c5f60e729b0f39326f7aef4eba0f208b3841dd0b0ec52ff5d0f21950932357f2f1ab445c9ed81bbe35319f1c6a183be77b4ec41

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      90f1d839c59555acc210b6c5cdf2e49b

      SHA1

      8568404d89ef7d2ad55e8f8b74a2d1270abaa48e

      SHA256

      5d8bcb0b7a92c7d45fcd74c2c4acc04be7fd5b95fa8be943b5fd78a5fe9378b3

      SHA512

      8be5dedac7cff16a60068b91e580bd0a1d51d8b32c9ffc8fd0fef630a705cb0ef040963a01cb98afe6157c53a816a15973ac7e1a9b7ecee295a9d71e6694d48e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3f79a3e5703d76388338d64f50bc5305

      SHA1

      55fc3ef462f96a4b12664224f4044cad4ac02aae

      SHA256

      2babea357622c59de996f42eee03ef213ba5309672ad39171eb7a6404ff8d3b7

      SHA512

      e5b16655a1e30e0e672437755606e1637e107ff257b0f070765fa6b0d66fc1758ba0e501497f89e6aba99bd588161555d5a659265fea54743681e405533db776

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03e221975c5df941646c932e743d02fc

      SHA1

      fb7c652a531fec699afcc309d5faeffc28e47032

      SHA256

      50c53fffab2755f91a122468036e13eb6b078b8556fc47c36156faa0de166ec6

      SHA512

      876a70536eb6a3c1231de4827c2c0d464883d7d6fc0939055f84bb2154c3779c7fd17d3756f5d56da14bb0029df2e1aa47b59364abe90e8bf80466d08bfa3067

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      526808971492f4228a860c8dede24275

      SHA1

      f68ce0848096a5fb1ff46e960bf9aa6672de6d84

      SHA256

      ce22d31cdf06b97c915787d5c3f5d93c591e88c1e8e0f5ca35c4aa06a8edb2b8

      SHA512

      47fe4135f081aa6e91ff14a2c959269b0791afd09ae46a897281073af518d090c049c52eb5c54f107dcfa42c83bc6249afa0f73f5c8f59e8a83ab8c0a597c6c2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d164ceeef0fad2b7d4bc825ed6c3b44f

      SHA1

      15357a8645b343fca7f134f02de8045613612919

      SHA256

      f95a490c3c58739dbfecd10a3f0486d1348760e67ba418d7896097da2df41eea

      SHA512

      99aeebd58e2bd62b8905dec028a6923e627f265302ae0aca0903e3f78504cf276f164d62add1eba56ad2dfd80ddd246c1091887999f9e3c03c0d2fb5618ae5ce

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3626075a17daaaa2efd0ba61180022c6

      SHA1

      40a50fa1ca464878b4bdb9149f891adaa51f460a

      SHA256

      17071919493eb32933eef9002ef2fff78e824f0eec8d0e23087e06d8be436b89

      SHA512

      4f0a5d32cc4f5de8bba6fb936b73e94d4e7c641f4a90e1d15a93ba3acc78bd8e9fa3952c6ce66a5d89ba07482056b1db5849e663b4fcdaa6c11261c24d0fbaf0

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar994B.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFEFBE08D29E02A8C9.TMP
      Filesize

      16KB

      MD5

      3956025386388b7a3148a3fe17192ba9

      SHA1

      d70688bd6d766865ff730c6950f02571358c0ae1

      SHA256

      6b9aeac281ce6067b57e4d343b95da8d73924245cf2000bbd9f5cae61a031eea

      SHA512

      6e08e410b6d919c39758d58af3f65cbd49c98a2b3d6da59ae7ab287ef16799b2b9d33c6055625662e38f21f8a43a344107c5d56b5f49d3e7ecf876232e32f9c2

      Download Submit
    • memory/1312-6-0x00000000001C0000-0x00000000001C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1312-2-0x0000000000140000-0x000000000015B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1312-1-0x0000000000100000-0x0000000000101000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1312-0-0x0000000000280000-0x000000000031E000-memory.dmp
      Filesize

      632KB

      Download