Overview

overview

10

Static

static

3

247ded62c1...18.exe

windows7-x64

10

247ded62c1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    247ded62c1a5fea25cff14468bb4db85_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    247ded62c1a5fea25cff14468bb4db85

  • SHA1

    455a236dc683c163c5267c21660870f180ca944c

  • SHA256

    4f2749d187c0b2b8242ce338dcf26afe070210ec71acadd42e65fec64e0d0619

  • SHA512

    a640dd1b522ce91ecac98382bfaa1966bb8b01290dd3ced12619176ec828d77738a0b09e2fc455d636b4a76a99baff5e16507df4e3695b9cd176ee812579a75d

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzWgF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\247ded62c1a5fea25cff14468bb4db85_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\247ded62c1a5fea25cff14468bb4db85_JaffaCakes118.exe"
    1⤵
      PID:2100
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2616
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:828
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1856

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      14073287ef0fe2b6d0e10b0cb8785e3f

      SHA1

      71fe55e039178fa9fd17ec21b2f57554164719bb

      SHA256

      36c4582950af2f1c04170cc399dd2b5eede9e6a3941916222f14487d2a8e8627

      SHA512

      2d4ad8420557cb7d0bcf0862b1a8b7d74135dc775fb4303fb86838df06d38d3abde4044dc1fbf54dbc4e1b26f81ca220a8e54e557df12bfb25474fe1ff2bed44

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bb3010996ecb06b11d859070d160c3fb

      SHA1

      b6d1badfba521c2c7ca36157188bea65fd297113

      SHA256

      92b9166bf381cefe5f5421be280ad30d06adc8afb7fc9210005cf1df74fe1883

      SHA512

      6bd60546bc6862ab8b9c5f2e56686a7ab75cac31baed671913c93d242117db86f6a4afeecb9224bbaf204561ae6007230f79502fb288686c7c274c2ce615d907

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a34bb14346db1a2720469ac051c0f24d

      SHA1

      ad23351bde69784a62cd47b9a6c575a616c79747

      SHA256

      e1f326c6acb6ca38b59412c84a55d7a108ccf19d3e04ef2debc47d9ae0997161

      SHA512

      7424df5c12f5337f66411143bab7cc6ecda92b281b5e70b7c94a5e8d885b9927d8c684414c906477d95c299b9e0a3b9e33f8a03687432aabe45e2ab3fd2d4655

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      748c72be0d5586e6320bb6824d8b9859

      SHA1

      17e62b28ee423325ceed16f4e332910a7e9565e5

      SHA256

      b5df81be5ce5b28bb7bf8726275f5ecd4047ea790c25ad2b04198ccccd582cf0

      SHA512

      fe65f4e0d714eb8ed4da311398cde456e2d8f9c38b1dfadc2b23758342c657e7f00344e2b9bd357f582e712ca01b541daa3fa6067daff25eb8181fd48ec25a42

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      505de524c370635ed4d3f640dc3351c2

      SHA1

      c6a9f0623da5f65fc4578f99e5a8a13497b0cf34

      SHA256

      b85a1b7c7b1072ef9b814bffe9bf72ea44f42028843dc527bca4ee016a94e0aa

      SHA512

      f4762cf82198614531bdbeb526385cad1ee3bd4be7594f1f2165646fbd2a9676e599b66ac40358931b920e136acb4d5fc84e36f8e626d0e83caa7f8b91529fcc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      72dcd293cc8576c71b0dd5e05232d0a8

      SHA1

      868d6ec12ec125099c1c43f23c528dc743fc0d92

      SHA256

      bfccc23ece51bd18208c2894530b2a1d6c180f6febcedcb1bdd2be5b43cb68ff

      SHA512

      f301dd52a2be066e529d12d6b1d79ed232193e4e641cbaeec6a4e94a6aa216caa1e61419c2d66db9d6ce74f33d261b63286753ba602ce43a8e68deba92b98629

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      72d2d7fdf01aea696f2e926330f38642

      SHA1

      3440197034b3a4c59555e44107379cd757ac4de0

      SHA256

      d370c6ee4a394eb1de8d96fd12a2fc5f50c18d8ea8912d35c0e47ff28b2a2538

      SHA512

      74e6a1038ad5936aa0f7e3bb3c2388127bbfc6dbb2d7b8781e19f740eb1a281bf78bb5e46d139c924af6ae09632b4832c790e69083f0cdfeb1f818e48692bb0c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      27283c5ae51f72933873d22cfdbb7cdc

      SHA1

      7727918118fb6ac6862754e80cdb2102eec3b3f2

      SHA256

      dc06680cfa7169a3d9e2dd9269ec9c11b49d514f776cf76467c3b2065732db00

      SHA512

      b74702de9c945d40722d7c8b14f5f03dca63ca7dc740ea42430ebc7ee1783d82dbe09a144869780a8019b0814535dd81a7bc446218183a0325eb061cd8c018f2

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabC459.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarC53D.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFF9B7B5D10CEF3770.TMP
      Filesize

      16KB

      MD5

      4843b3c1bd0f42448aee66d832f714e6

      SHA1

      725cdff5792de2a88f1829c063319d515d0cab17

      SHA256

      2c1dd88342981967115c04188cf88c6ba748ff870407c4ac61cd473cf089e853

      SHA512

      0d32ec6c0fab5c3f70cbdb835e5bf3f1510d63c187dcc46dec0556be70282e556a9a7037703ab748856bff3405a24b540def282707b22703a83d89eb902a9853

      Download Submit
    • memory/2100-6-0x0000000000640000-0x0000000000642000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2100-2-0x00000000002B0000-0x00000000002CB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2100-1-0x0000000000280000-0x0000000000281000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2100-0-0x0000000000400000-0x000000000046D000-memory.dmp
      Filesize

      436KB

      Download