Overview

overview

10

Static

static

9

217734816f...18.exe

windows7-x64

10

217734816f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    07-05-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    217734816ff1367a9488298227befd9e_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    217734816ff1367a9488298227befd9e

  • SHA1

    e59132f8eb3e413b2b5924db33fd3c7e19126eba

  • SHA256

    799484ceabad93035de7fbd852aa79191daa5e4d331d7a43b8bc5d865ef40d4b

  • SHA512

    670dd829a9a457f599bbe938865f2baf05eedc14e0e871a67cb511f68cb764cf9905f2ad0c2fd5ba191cb79dc4d101b9e8f54754e6a51c95ca9462f899501e43

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\217734816ff1367a9488298227befd9e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\217734816ff1367a9488298227befd9e_JaffaCakes118.exe"
    1⤵
      PID:1968
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2124
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:603141 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1464
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1572
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1340
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1596
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2532

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      23f77d88437edab3a9b9c717aa74bf8e

      SHA1

      e388778be992b352c989d06dddbc3e359aba735c

      SHA256

      9e6730b7415a385e13c6dee8ddfcfe7ec57c8e02a95db9abac8519bf96da5c24

      SHA512

      f8801a25ea9375d48d686e138b3840e740dad164636a471cbf1a3c64b26e1ef9b02efd10c17d0a264a8f5403755bd901642b89cb6db588e209834adb3bb797dc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7c00dbe01f130e834ca82ce6834d88d7

      SHA1

      2a3a894bf36bbd007cba06145868fad45a77ead8

      SHA256

      6988632a357545f8fbca55a43fa5cc0c35f6b9b434596604ad8227353724a513

      SHA512

      7fbfcf8ab07197440e291378a884483dd1ea24604b26b808b6bffb98f8b3bc3620083305cb049c3b0f2e0ee6100ffa4e3ec674e2f5b4bb4ac44244285d3cddee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37162629e64379f9a3f2f7430694f783

      SHA1

      51668e7d6fc8887866784cdeb70d43f9e18a6cf7

      SHA256

      5ae3810a278c723e34e750eb5604a144241a3d61622dcd2e5727a17bb8e1cc04

      SHA512

      2a4cb32e4553d07cef0aa98c8602410b6a52e75a852ad7026ee9da3144b009c184a2c07d90a2c036c9fdd584cb5bb9489527e17286e2fe4bf34fe0bd1a679a77

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3e45ab5c651530567f70d837f8c211d0

      SHA1

      ee4aef29893b5cbebf1074a319f5cdb3f2ae67ee

      SHA256

      088465b56162cd2d329321eba5c2233b08fd52f34d36878b6334f6ef727e5a85

      SHA512

      1e7073e3e155dfe80d28135d602f53cf0ad1da0aa6d4d1f30ce4db1e8c80d11206d9bcde8a1daeb2f47a9b994953bd9577ead4580fc1a6603c67309fa043ce18

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8d8d838c89cb12c7b2097a5e6b09ed8d

      SHA1

      0bbd55c3459e26a400e84d4c46c92f9af0e70675

      SHA256

      a6c6b624de19302384386df25fda8587c94ed50629fa79c18d9bfe66b96148b8

      SHA512

      a1898245519a777a315d7a9afa7195a7d80846ab27d703d144ca67e3ba75632c9cd3d0052869d1198382811e3c92e32b4ef2a7f82f5f8a220460fa032e8b310a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f866dbffbc7ac57f03a1beb6d9d6298a

      SHA1

      8ab6102f266a3b97bc00ee77ae630d85729f710d

      SHA256

      56a6031144ce95d415d5fef11d732724cf3d95d0a20aead9072722959403e461

      SHA512

      19cb27d0c4f7dc5b7ca0c81bd91f250df3fe27885abb72922a5d01d14b6f7058b5be11ed3dc7d21d79c4540f937805e3d3a2d5b32c2c221b7bbf57fc60dd4640

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      db70316fd7ab040e3cd73900f92f54fa

      SHA1

      b054063beeab2a37a78bb1ebb5f63603a7505199

      SHA256

      9e1f914965a4be600bb03cbc3306ece182789133e18427b78aaf402428bc2890

      SHA512

      af0e835059e9aa9171aa097c32b13602e374a8adab91d24b109a1f9548c7be855312a0fcd31e5bb57ef825cb5779515dc0102b7ae2fbe7566e0615aebc5adff3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ad6c1a4c7c47de57584bd2d78bb30c3e

      SHA1

      5c1ac51b9b3840476a78c19d20d1f14c711555a0

      SHA256

      402dd6821714b38ca452ec821fc7425632c9f2c4edd1fc828817e94847ef2463

      SHA512

      f6cc7fe083d0b612790a4a9f5f084dbb51932d676eba4fb12e14a7b414801a49d67a3c1f7e6f78f41aede84c802cfa214a05e2c05175e478c9c219cf55340f14

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      24a73d67241931e446aa3ae7c2d6c497

      SHA1

      2e2f0e1fe7c930c5b0e736f6b19e47f73f7fd5a2

      SHA256

      2dbc48f62a368af763f32baf3565de93370ad82f9499f495c950f4a2e256a031

      SHA512

      fc99b96b57f2f83f37ef8e812867aa598864402f646a48d2d530694fb19feb98dab2068bbe5fc059021ab788609db89efe6d3e38a3c6611441646319823f085d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6C4D.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar6CAE.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF60ED995F1E3377FB.TMP
      Filesize

      16KB

      MD5

      ae40d8b75f2ce35792923e40b3acb35f

      SHA1

      6e98d41a40675cbadd2bb767765d19e64a1f41c3

      SHA256

      2d450fea35c288c0f143eaf7222829a8e4dd6f66fe8f94813524fc6f379d6ee4

      SHA512

      71bc50a01d988ed5aa5573e2e37f9ef431382572cc73e782cf9641b3eed02be8d698e798d302540efaf966aae3367184107d7f1134051fa46ebe4219b4efcc6c

      Download Submit

    • memory/1968-2-0x00000000002C0000-0x00000000002D1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1968-451-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1968-1-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1968-0-0x0000000000220000-0x000000000022C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1968-8-0x00000000003E0000-0x00000000003E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1968-9-0x0000000000400000-0x00000000004E5000-memory.dmp

      Filesize

      916KB

      Download