Overview

overview

10

Static

static

3

23a7f44c10...18.exe

windows7-x64

10

23a7f44c10...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 06:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23a7f44c107059338b4768332135aa3c_JaffaCakes118.exe

  • Size

    172KB

  • MD5

    23a7f44c107059338b4768332135aa3c

  • SHA1

    4b963b88f5d357f913be76d381095edfeebfa734

  • SHA256

    99153884de3e3f6a947a92c0a6db51ace70b61699fe7d537dfc5cb388df3df87

  • SHA512

    00188bedf1c7a20109b7903753441425a52d567d6a949fa87ae9697210f58699f40ec27a5ebb120c09194ea59562a51841acea805e81e4006db2a4b8e802abe1

  • SSDEEP

    3072:AmsGFyxF9HTzIlCGycfUA2atd+RRs6WtWeCJfY6mv5YXDPZdCYj:Amhy1Iigtd2u/6mv5cdCg

Score
10/10
gozi3471bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3471

C2

google.com

gmail.com

zkeaganarlie.xyz

qwptke.club

dihtmkaden1.club
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23a7f44c107059338b4768332135aa3c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\23a7f44c107059338b4768332135aa3c_JaffaCakes118.exe"
    1⤵
      PID:2400
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3036
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:568
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2900

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c63f778f4f0d7f347e016d4fd2973d35

      SHA1

      eb49947cd26a8b2589d2a450062220098076b413

      SHA256

      d2b900fe03b5249a215f64df26dfa766cc49178ac4ece8fe4447147530c365be

      SHA512

      5efe84a9853889edf50e4453cea49efe013496c7157c1c3a7ff37ebc9443d4c270e4bcd2bada1dad596b50fa253f76589067f44709da648417bc056cb9917970

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eb9c82e984ad487f34ddaa75f12484e2

      SHA1

      37d955f670c3a9ce9826933fb84f70ce36f6d36f

      SHA256

      0724b6a11fac477245075aac1c5f53f7a4f92f5ca17831a1507237d1e81010de

      SHA512

      cbe0620b8161ab24498185deb90d663d1f1383f4e08d1af634eb253811dda58fa89995ed1c4d742b67cc6fef88f5cda7e5b2ce4a42de66b01b6110688257cdf7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6ed634d7a29c0be65b02730ccaad3291

      SHA1

      ed91289ac50f1d0a902d2944ef27c093c495f7c0

      SHA256

      f5ab34060c9b6fc5d195f4ab496dbed0889cf247b3d423d96892a0a3dc75b9ae

      SHA512

      beb804eaa0cf0c322113dc17a6dfc332724b700b288336e3dbf06f3e8ee6b5dc1f9eb31a4d30a4376f418e628fd09c4f451cf0d3948e2a56901e87a95df83435

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c7b0562bfdd97149a338e286b6e1211

      SHA1

      f64cc47507200c12bc902200ed834cfd15796f38

      SHA256

      182076cd6150dae9e97b2fb4d18ed4ad85ffc3396577d88555dfc60ebb42dd5e

      SHA512

      01039bd43ab1baf7d0030368867127b6114ab5b9b6965a98243b21267df81e4d774898b666ab7fba33c9fe961f476ca92caaf5d5e0de85728634aef1215b6da3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e7bd3a20997954ccfdb82c0504a9ca4e

      SHA1

      c447c649ec1f82bc5821b9ca609b84079238b98c

      SHA256

      13b6ac8c9bb2e4a1a819e15bd454f2df5cc1bf0086c81bbcd18b7aabc81b1fa8

      SHA512

      c5cdd016b9f8494e9a1182ecff08755d57dc0c7ec9dc701a4d28eafca78b67a9ce5097bce58217cbf07f85247440b5587d8dd4ac670680cd5e69ba01f79bfbf0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      be9dd2575e5616cc34fce55a8954abe4

      SHA1

      f43d62690d70db861175b2a7fa9feb7a6eca139c

      SHA256

      b3c0c3752ad08609d738249bc1e1ec62cb6501df274b70036e56d8db54950269

      SHA512

      de403b097cd86051eba7c13ebd27558aaf1b61b16ebef713bf7ce1a2028e8034eb9fe47b669b1cd6e581a9506b683f56fec4515819c3cb21cacf770eae453a2f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5963f665fed21a38749997a4bb5d23cc

      SHA1

      847d2762633843f0fb4ff8aa7d6ba1b6d5ac0148

      SHA256

      fc05448f9dc5265053d8107ddae8631007b25b543900827da775c840267a6457

      SHA512

      5b2316173e4dbeb9ceab6afad260833e643a897b1f919b570bdddde09695865a1d98c347287d10124f4b21a21dbac4e82557a0633e88decea169b6f895582cc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2708a94af2c7c75500286d0f4213e658

      SHA1

      4b9035729166da7249e46a6fa1f7517047be4394

      SHA256

      17d5cb4c162494b42dca0849b7cccfc7b7113839ec0b4b9e04cd9e6b080d839f

      SHA512

      3abb8e91240bf090e75f8ae5929cdf74a881103489b71ed3ee70cd0352b33dad139272c0249ba5cddafdceed43876745a4cb24b9c079038c5f3c61cd3310a062

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0fa9b6341685c04122a69d49067b7b96

      SHA1

      e3385fefba97023c8a69b766d1d723bd9e4c8da6

      SHA256

      b3f2eef5faa00dfd3e0e71f1422542768193e5286500b8607662bc204f453281

      SHA512

      42743711f2898a48e659b5aa72795bc135db011f3eaec48301e64855c20bf34f6a6c1e35ce42113b45febd34db5c945a50e34da8c2962ab78d06a92ede343148

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\robot[1].png
      Filesize

      6KB

      MD5

      4c9acf280b47cef7def3fc91a34c7ffe

      SHA1

      c32bb847daf52117ab93b723d7c57d8b1e75d36b

      SHA256

      5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

      SHA512

      369d5888e0d19b46cb998ea166d421f98703aec7d82a02dc7ae10409aec253a7ce099d208500b4e39779526219301c66c2fd59fe92170b324e70cf63ce2b429c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\googlelogo_color_150x54dp[1].png
      Filesize

      3KB

      MD5

      9d73b3aa30bce9d8f166de5178ae4338

      SHA1

      d0cbc46850d8ed54625a3b2b01a2c31f37977e75

      SHA256

      dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

      SHA512

      8e55d1677cdbfe9db6700840041c815329a57df69e303adc1f994757c64100fe4a3a17e86ef4613f4243e29014517234debfbcee58dab9fc56c81dd147fdc058

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab4BEF.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar4C42.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFAACC0A23AE78E7ED.TMP
      Filesize

      16KB

      MD5

      bc475cd41bfa4997e6f6487ef758fbc6

      SHA1

      1f79ce5a9964b8eb0d12ab769d2219501b89c4d6

      SHA256

      5f48eda38ddb15fc4fe4aee5a0a59b9113ca90d6d598a5bdc3c1231116d83330

      SHA512

      7f9d9032389110031e25af0ff03fa64867522be6ea67b1d8555d454bc3ad8579be88b307aaa871b39f4b474d2c7791c1c4cd6102485484c366bb6363b4efdf98

      Download Submit

    • memory/2400-0-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/2400-1-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/2400-2-0x0000000000260000-0x000000000026F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2400-443-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/2400-8-0x00000000003F0000-0x00000000003F2000-memory.dmp

      Filesize

      8KB

      Download