Overview

overview

10

Static

static

9

1de75b58ba...18.exe

windows7-x64

10

1de75b58ba...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06-05-2024 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1de75b58ba6202247f8ecae6f0262fea_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    1de75b58ba6202247f8ecae6f0262fea

  • SHA1

    01c436b1d8000d1c0722e4730e4f3feffca82866

  • SHA256

    1ca6d557eb822bd4a7e5d066a2e0afa1c0a8b07190b1f30515045ae11fc700d7

  • SHA512

    fdc18c1ff5e965c69cdbd1c37ef0c304dcd9562ad7f1619476261d99f9eea6bc3654dbd94984d8019edb804f42abbdf5a9e5b584aafe08c8f8b365db618a97cd

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1de75b58ba6202247f8ecae6f0262fea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1de75b58ba6202247f8ecae6f0262fea_JaffaCakes118.exe"
    1⤵
      PID:2092
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2428
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:603141 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2932
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2320
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
        PID:2940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
          2⤵
            PID:860

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          eeab085b1eb668c704030d17beb00024

          SHA1

          3278ca81e01d8a8b748ac96671efc05808bea94e

          SHA256

          5a65d7c65f7832d8bdd807169b0deb7b3942f663c9b0a80dd354430dd4515869

          SHA512

          5444ba7460b981a67be60cea604d9937d9b137826a88e4e66d4a3b5e20139e0024e8381ca2ce89c2aef909619e1d58706eab20b803847fff981b3b2663ab6c1b

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          544ecf819efefc3535d01ee6a81e8bcb

          SHA1

          755594b84a44244749709506c1afffd832a98ac9

          SHA256

          03f6801d40c8d77d008667ae60b76cc9dc8bf983225ab6388f93e69a54eb3cf0

          SHA512

          be895318cf902117585202086c6b5ed2c4995b3cb634167f4fd2fca87527c01c50a45477263ca562eb26a9fa3924a2031cb07213e46c0d95ab312bd3d832321d

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8d62f5f8b319abd14c6f86c731d41634

          SHA1

          ddfac94cc3f2d6bc42ab34dc004330f1e7a4ff69

          SHA256

          0f040db4379d471eb22c73a391fb237ec4d91848602a62fcc76b08c315536222

          SHA512

          862dd80241033b5047af7863d28a7e779f137b901c40b62ea9d8031e3f4ace7a9a38eceab393accb80d794be91122d8af9d3da90bb27102e41b72b92d791cc74

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bf74fb6cbdd25e5c5591d0b4bf6082e6

          SHA1

          5e8e04753b8d323fd71039c47974241b4a31ab11

          SHA256

          927700b2fc5e6c308742187fea4c228deb365eb4ee74c9ecc54c161b9a18969b

          SHA512

          2695b5eb57ac830628614780f78f6ad50ea4d228310461cb4ce5ab583bb60f0c512e76ef0bf75399beaf44e8f42bca27c484ad8f141268539720c27a679c587c

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          180665dee5e5f8a9ed0e8ea7cbd9e033

          SHA1

          2dfbf8d17cc3e0b437153699d80b9b9e9aa2ddca

          SHA256

          dc115b9a20ab7de4d1ca6d50be6c2758d40b6dd29d6405c91d48c2f2b0594fb6

          SHA512

          49aaf7c701e28e400bdee943d9a36ed5cf65cf65b3fa295ab2856ad327c70c9e2a11710f1eeccbaa5eac667ca2b9fbc7f55d846337ab30bb1d960898858b7e2f

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a83a4170a85a56379f5c5ed6389984a7

          SHA1

          ba37b6a8e8884e9d852b0e6d7efd12aa03714b98

          SHA256

          9bda2a848db64797b5d5306361a0b5238df8673569785caa5724d82983b96536

          SHA512

          44102621759f17f19f897e6945cb2e5c203a588564117b4b66e157036e597423b3c5a903b9933ab4d6f180266e454f56cda9c288923e9db3b6609fc77641398c

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d43c5f19ee4d68e81224fca5fb972a4d

          SHA1

          7dad0f888acad95ab5565087469f1c7737ee9740

          SHA256

          f2e18c28104672244fc556dbb946cd27090a2493d1689643addd083076cae2a5

          SHA512

          533ae1a708371a23e62196a32891aa628568a183507dc977227bfcd39faf5a5890ddac5b8796dd9282f365f89c43abf62361feb7506bd7417bfd77e62fdf6dce

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fe035758b243d605f51ebf4efda5ccb5

          SHA1

          f74f367d65555bb8758cf294ed03e255c5a8cd60

          SHA256

          0bfb66bd83a6bcf47f17c1295356edbee42d488caeae61d7c31fc6f0df481855

          SHA512

          7fe57daad31cb4f3e58dfec3737813421378e32378684b4d8ac7ac25f0f16c61cd167305b5e3db17d49bb6a5c7295e23c90973da874d24b664f1870f1a139de2

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          97bd092c6848a55c234e3961312f613a

          SHA1

          3133605970bc81e296e38c688fe8a909a4893305

          SHA256

          f821f22606bc247e1a15b1152957e1a2ea888ea1e960a52609f40ade65bb5a12

          SHA512

          251d05b02e675a87ebaf75f1876dd1f52e54404862528b5652182d4c9a064a599466099aa9ee97dd918d82b0621e570bc09edb2f70bbccdf42b04cb6784c7d67

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\errorPageStrings[1]
          Filesize

          2KB

          MD5

          e3e4a98353f119b80b323302f26b78fa

          SHA1

          20ee35a370cdd3a8a7d04b506410300fd0a6a864

          SHA256

          9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

          SHA512

          d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\httpErrorPagesScripts[2]
          Filesize

          8KB

          MD5

          3f57b781cb3ef114dd0b665151571b7b

          SHA1

          ce6a63f996df3a1cccb81720e21204b825e0238c

          SHA256

          46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

          SHA512

          8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\NewErrorPageTemplate[1]
          Filesize

          1KB

          MD5

          cdf81e591d9cbfb47a7f97a2bcdb70b9

          SHA1

          8f12010dfaacdecad77b70a3e781c707cf328496

          SHA256

          204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

          SHA512

          977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

          Download Submit
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\dnserror[1]
          Filesize

          1KB

          MD5

          73c70b34b5f8f158d38a94b9d7766515

          SHA1

          e9eaa065bd6585a1b176e13615fd7e6ef96230a9

          SHA256

          3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

          SHA512

          927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\Cab61D0.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\Tar62C3.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\~DF40C5FDBA2C58C7E2.TMP
          Filesize

          16KB

          MD5

          94c0e3efab20fccc152f8b318b5bea99

          SHA1

          71846bf410a5dca76e83f97088272b4465ee7600

          SHA256

          b4de22be1a163d2fc568cafc58a16f51a084e7425330860f670674b563fae50e

          SHA512

          9f2119392f3ce65b10ca32c543ebd267cf407cb2d54094d9d2e1de1cfec506b8e0be7f22f631a15fc7fb1618547bb2b90838321c03c44254f4b4d9ce120331ee

          Download Submit
        • memory/2092-9-0x0000000000400000-0x00000000004E5000-memory.dmp
          Filesize

          916KB

          Download
        • memory/2092-497-0x0000000000400000-0x000000000040F000-memory.dmp
          Filesize

          60KB

          Download
        • memory/2092-1-0x0000000000400000-0x000000000040F000-memory.dmp
          Filesize

          60KB

          Download
        • memory/2092-0-0x0000000000220000-0x000000000022C000-memory.dmp
          Filesize

          48KB

          Download
        • memory/2092-2-0x0000000000240000-0x0000000000251000-memory.dmp
          Filesize

          68KB

          Download
        • memory/2092-8-0x0000000000310000-0x0000000000312000-memory.dmp
          Filesize

          8KB

          Download