Overview

overview

10

Static

static

3

20fccc21c0...18.exe

windows7-x64

10

20fccc21c0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07-05-2024 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20fccc21c0a0312f71ca91f0396bb43a_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    20fccc21c0a0312f71ca91f0396bb43a

  • SHA1

    ad829aa389a14910c3838b74626a8e964a6112b1

  • SHA256

    00ebf0a08e49c0d2e4dee0919b94d7ccdea379ace1364b0ef20c7dd20d104e4b

  • SHA512

    4d45fb18bd8d5944f90a0350490ee7ff8c8133f5ddcdd4d3b9537d63f4202c860ac72e77d9fe16305c7bbfe66826239afe8a9677cce60335657e9202353bd466

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5Fz/gF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20fccc21c0a0312f71ca91f0396bb43a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20fccc21c0a0312f71ca91f0396bb43a_JaffaCakes118.exe"
    1⤵
      PID:3048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2136
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:752 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2852
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1296
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:776

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      27379a2ade3a99536c9bc51537ad23df

      SHA1

      e44bfb060fe4c11c92f88c6ef83d7073140408a2

      SHA256

      b829c3f4af59ebbba510047fd48bfb004d844124fc38e9bc4f5bf7a79b631d68

      SHA512

      f3b4a279c8d9febde1515ffea9c3caf47947bf8d355b837edc649bdc21f51743835ca7a5230717162c1903b9ca55ca41ed0d99f79d266844f661fa898ac9963c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4955d1fd6bd902e1f3a85fb98542fd09

      SHA1

      d7f78cdbcce36c03394e7ab3b6df23338b6f4bd0

      SHA256

      fe0486852d127e6470783b788f23075a3d4cb03d82b2bc5201fa504baf1cd44f

      SHA512

      467ddb71a67336f702d86723b74a64fc79e26cb9e4b01e37363006da4a0c9096ab2397f15b4fefc4a57f3773889fe8c6e808f998b1115ea7bb6d1a7e4d18b1d0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7ed26d03795dff839b49bdc43b90ab01

      SHA1

      3f4e9ff7e5e32b941a3312636f93a893e565eed2

      SHA256

      f6505b044e7311fed0d7d831a626eabdbd98c314806c5f02948ad94248419bca

      SHA512

      b2b9c6ecebc8390636a4ea38286a0e96e4e894a2d06d773c0fe0b541b01fc9319ffa4880a75c8596367f0b5ed2fc3f00834befc57abab34e5046173c115b43ad

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a46f12fcfb72bf45c96012e99f2dae87

      SHA1

      ff23d6072804d6a7f1395577c2185302bbba0e62

      SHA256

      3936bf84faf3c5b8d33facbbd3687a2a968b57c9b8eb425952173f41759b361a

      SHA512

      201b6031ef0bca3504c8bdec984f7182cad157d9e75ebee100ff5e53e23ead7e478688ae29c225fed67e20062e3bfb31bd51883926c3bdfbac652c84b3abef4a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      47809d9b989d4446fe525525a819ee1c

      SHA1

      299508e7d7150920ff790ee0a0194cefa83bab76

      SHA256

      b605591216389a8bab5e4cdfcb7f43f58feb2a6b79742e1dad4a1c83db009341

      SHA512

      455dc568539f0befd5a6b70ce641f3ad2b246e7d56b1ce56f204acd620cd02dfc87d5c5fd0b11552a22c103448272ae42f7c481171cdab3b97e75aec27a645ca

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ea08fd3892a4ca134d0c85bc05c67094

      SHA1

      9d5fa2c8c0e5d4541a5f1c853b241269d335d11c

      SHA256

      13319485217fb65f66c1765b126307b0955efdce1fed37628bb14cea286e04ff

      SHA512

      8e0081eb5d881415093b1fccb5d9a979122982bc3c7b2e37a85ab225db06e8f8591fc3f5c949e2eaa8902731aea31134bf2da810961d33a5bf6ee2ed0ad21fb5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56ca9d5dfea67952273b4669e2333157

      SHA1

      15dfc62b8868a4d5ff9563ff1a95b1cb4d6613d0

      SHA256

      617e60215cc44fbdb6dae3d4ec26c9d7fd366bfd9570bdd470cb6361f22636e2

      SHA512

      6a87f3fd9051e5e1cdb8cdf60eb1382cca6a848f5fca7835ed1873e0806956e365244244202a2f1ac91c26837612a8cc3087277a18ab10087ae4aa512b6849e7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5f504be43b062184ea8a43100d59a609

      SHA1

      323edd404864afeedba79a0bb8799d0527f95947

      SHA256

      b3dda484c80a3424da35448d3dbba9123f39a36ec689f1360e3348e6481d37c9

      SHA512

      8e22da9f0969fc9b05baf25d610aafcd53f7dfd4a8922a3820bdc54db6ab1e5e6832943f9fbf633cd6df3aefe1610a5e12ea9cda2480c610d3160d4b633f8070

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8cc63eee89444d5de85ccd65a6d2b996

      SHA1

      7e56f0d50e0918317c72a8ebad2775abc4f2b312

      SHA256

      50ab653dfb088712d93dabedd689239bf79489f44ffa480c96c9dbb00f212245

      SHA512

      2c90f61ae35ff7c5ece4a3398e37a09c94d61ae5153abab92dfb491555cd17cbcdf579a4d013546b4ac3b90bd1a1f65521803100170fcc5d7729d5e2ea43f64e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      4e839d2ff428dbebe0b15860e290bd98

      SHA1

      dd495efe488b78a5bc9e297f32e7d23106d67813

      SHA256

      8c65b4af205eecda6470ab9df6c843a378963c80ed6e98c255e68647c71e078d

      SHA512

      24b4a86c2eb4bb81617a6e1243b592052edfadb8cf8dffe756a90a0eadbaf1cabe1f1416f6bffdde50486a7812ddd8ac108881e25284e287a2c2bac718e29cf8

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarCE1E.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF70723D9263FB5A17.TMP
      Filesize

      16KB

      MD5

      9806da5ff10e6c733ab3dd6812ee6c6e

      SHA1

      6e9a60a277764ee285c664d304e4b0ef870fca94

      SHA256

      8a312926ffa7780a3952ed71fecdb4497cbdaf2bdcf64c28c09a90127ddf6e17

      SHA512

      3ab2ac415974172a4ab194cf92e7c23972b53fd7ad42b9b26d0a0c40b5d79853832e9c083f98c5f837d614e51dce2a6bbbde6f0697415ff0ab212afcf92da0eb

      Download Submit
    • memory/3048-6-0x00000000004F0000-0x00000000004F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3048-0-0x0000000000400000-0x000000000046D000-memory.dmp
      Filesize

      436KB

      Download
    • memory/3048-2-0x0000000000330000-0x000000000034B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/3048-1-0x0000000000280000-0x0000000000281000-memory.dmp
      Filesize

      4KB

      Download