Overview

overview

10

Static

static

9

0df8350111...18.exe

windows7-x64

10

0df8350111...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0df83501114c153fc915cec77374ac3b_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    0df83501114c153fc915cec77374ac3b

  • SHA1

    280aaa12793f4130d7e01e5330a2af7c14b45bd9

  • SHA256

    766c5fad470194e9528a4016e4ef131c93670561316f7523ac328088dbc27b2a

  • SHA512

    26ff1319bcbfd8ac55d87ae5ead7b9747d684fe20399ad083302d59699c4f3968d955999e209740aa1fac84d6d6caaf45dc185c8019d172909cac9eba4913d36

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0df83501114c153fc915cec77374ac3b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0df83501114c153fc915cec77374ac3b_JaffaCakes118.exe"
    1⤵
      PID:2256
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2704
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:799753 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2328
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:424 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1492
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1104

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e4275ea001284ea401db9c1b94ebf1ca

      SHA1

      e0d4fe5e8461abeef9f20e95e367166beb1631d0

      SHA256

      23653036448674a186fc91a97191297c1402d5933cfd0ef42fce03865a7f1a0b

      SHA512

      a15608e61f41fe56fef205667aa5bea4fb6a8585d9a8e9e1317463d6c947fbf538b7a74e4d53a9f3b26e10cde8ebb4682232eee252597f3a5085ec4949722400

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7004f4dfcbc4dece5f51c124b341184c

      SHA1

      96c9451f6c820df048aad5b9af22a00384d7eec7

      SHA256

      714540508194aebf6a4ffac8dddc5a78804903cef2d799b88db2644741939599

      SHA512

      87f38fe38b07b3173c69205d5677c80cc726b1b80875c7de534fcd2243cfee64ccff956c4ad4481473fccada4c93796d04b49a2a9a8b6cdf3531b15c4c334581

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e410539324b0dc74df8d2bd4f0b0e167

      SHA1

      d1dd4711c1985aed6af663b670fd3ddb9d97c54c

      SHA256

      6cc8deb7d0e92018f24319a0b5639cd3bcde2a110794fd38fa72e34fad993867

      SHA512

      42143f4572098db17a5e9bc8445a7249afbc1a4dd780ccf1ce546aa38571a0b4be3189db10bf19a781b03af2b6f70ff41bd3e85ea00477f4c98c2431fcc540ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f0785bfb3df58a58f16c5c24c1b2ec52

      SHA1

      029a21d9dda4c460b7388097dc3d193eb04044de

      SHA256

      2a8c2243fbd3e536a39d3fcec1e083cccb0ceeba57c44179ba0419af1ed8d709

      SHA512

      4af4e59c41479bf0adca46a7477cdbe177faee6d6eb156de888801936a145e8aad8e647aa1f80cfafdaf513f5f52b04dd760f0b1992da0ce61004377b66b695a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37c57be0db9fd3c9e2c9cf6ff0db2e5a

      SHA1

      8cc6747f32c3c57eb6ec892c991caf990d998be6

      SHA256

      4a5a8430f3352ebc74b242c6582a508dd09d4a2a68d26ed6887774776f8d036b

      SHA512

      e63accf1db2f1dbabdb2931ddab6ca89687ed3f13d38889b5f01b7da8160ca420f4e371e8e35f1a1a17a82a6fdf46da4ce3103d4b048002f50de7de82d1730ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5f767af9777b434f961dc4804e02b63f

      SHA1

      b0964802fe550ec00af4bb00e0ee5b4b112c523c

      SHA256

      66b9d71845272b67bc2cfd3de02e57a7c704f24510e0a355c8d2f0cc78fcd6eb

      SHA512

      d6facbbda033694c589c1332298504e2984f3373990aec367e178167ae8ea7f5ca37b3b58be9e360298418dff9ee495acb094cc54039c867efe745dbd17958ba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      12559e2dd41776add613da3dc00fd352

      SHA1

      1b12de6bf21858d97aa31dac601320ac89af0367

      SHA256

      e4c0939cfd277da4e901a8f081efa1037ce1b0fe3bd251a791570692d8c326fd

      SHA512

      dc174c48745613cda5ab769e6bd6636ad8c985b55c711ab6532203d17d069db372ab067c9a3788ec99ac96e9bea91fafe26bae7c2e6c0549f1290cdab91354df

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabF2E8.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarF40A.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF209147D3688D331A.TMP
      Filesize

      16KB

      MD5

      0492b3f5a4c1c70e5183507b1796f326

      SHA1

      a7ace4e43397ee7e964eda9c5626b721ff3aee3c

      SHA256

      6fd5c0b3922f636bbe864b5ab57d6fb0bddebd2406619bc6f18d748a98c822cf

      SHA512

      18899d1936f88a688582f66dff9f8cc86968ec902d61220740d93d98e90fa8cb269294905cbfcc8e62a8bf992a4bbb750805874e0904fe16c9b8613e4df301dd

      Download Submit

    • memory/2256-0-0x0000000000220000-0x000000000022C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2256-365-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2256-9-0x0000000000400000-0x00000000004E5000-memory.dmp

      Filesize

      916KB

      Download

    • memory/2256-8-0x00000000003E0000-0x00000000003E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2256-2-0x0000000000260000-0x0000000000271000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2256-1-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download