Overview

overview

10

Static

static

3

319f9e1065...18.exe

windows7-x64

10

319f9e1065...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe

  • Size

    648KB

  • MD5

    319f9e10658376d8925ca870d35e1137

  • SHA1

    23a8fd02baf0cae25c98a89fb76196d532ed1767

  • SHA256

    915dc55b4031def7064312e56c9a9effa21ad124366df54fdc1215ef1709bfd0

  • SHA512

    3689a92b44fbdf5077f5dacde8967754488241571c74dcb9cb15ca6dadc0541bb32362b7e7525ec9fee6dc0b7dc9568930fb28141a4ccf9b6b5c34ccd49de8e9

  • SSDEEP

    6144:Q5mTEDUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wED3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe"
    1⤵
      PID:2980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2936
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:824 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1944
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2880
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      136e78464173e4b44ddad25c8e258470

      SHA1

      137c1a8f3b04ea6acae7ad98a19a2ad4256ae0ac

      SHA256

      53df2c96395ef0587c8e882dad29165ef6d9819bf9128a952b08703fa66c7d87

      SHA512

      d48b796e3589a16b51d07793e9229f3c08ca0fb2ca32ba726b42e2afc52e7c710a4d5c6b097fdda69b14928075189d2934c8029645e9fab55c80fff65a17c253

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      882c0c2323c10c0dc150c5d293d43d70

      SHA1

      c52c723ffc8f18d2baf376bd4f99173deb8fb174

      SHA256

      6a8f15925f5562490c2b6edde7b66b923ac5e2cadc06912f39c85551d510c4df

      SHA512

      be8576592692555ea091e2bd191f9c9093cc2ec17be4f4e138e099d9077501b8a09b772453e41e09e37ad3daa1bfee0afd48d9194e26c49bffec978a8fc72c9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      17ea13e4370c0e282deff2ba4ad5fea6

      SHA1

      cf8bffc32476d808fda06335cb269d19d8fa02ae

      SHA256

      1cb20eb1816d1ac9235e8c2b0edcca3d19b47b36244e3b7faa1d90a665725ac9

      SHA512

      48d99e6f1abf7c9c76d3aee44be1eeb59b4913d746d0d01a86f3c541d84e93871da3ab76a78d7036adf50a0e75756829c8bbd4ec77ffc32b5ea6e92da437d5cf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d9bcb0be8107d7b66d7fbf5b7434e169

      SHA1

      95f7935e10e372aaedbaf50825ddfdf887910b6c

      SHA256

      4df66f77b57bc55b4d66662627b098b38d3ac045a9335234c42d422b6812539b

      SHA512

      ec799c814a4d545753069ae8fa83dd7729d942a52ab876621153c7c1c7926a2c9820650885a1e64fc99e3135fb9b9e478b16c230ddee5c72aca38d59856ddbc3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      77fdae019c461f3e090251b91a0ddab3

      SHA1

      0d4435dd315286d0a46ebf79c008b8895aef9b4b

      SHA256

      f9d6d389aa4dfa16215d5b43f9a4575303888620bc491cd8dac013ea8ee416c0

      SHA512

      10792a3a8e4b91ac703b65de68288de90402fe9865679bf6b2325ac88bf67c436a155a2f8809c136642fbbf68ca2e6adc57c1d0199bb3b4bca853dee68fdf56c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      444db29fa2faad8c4cb3445007db6305

      SHA1

      0aad2e445967ed00cb807deb06e51fbe9f143f9b

      SHA256

      abbfb9b6010691a8d77179b1094ccda2b1b1e6c65a764ec762e5d9e1e38c88a7

      SHA512

      d04ec5e7a426b95f909ccbd3fbc300764b4a085c56d4114be72ab0c1abadf2256fb9fb6009577d367dcf5c1c167a67ebd3bbef77d0e7650cf0d9d232997afe68

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b5530fc0bec23c92a9a67d526dade51f

      SHA1

      60f5afdd793624e8cc4b74e25a388c71c5615b21

      SHA256

      e3ac08234a52b118438673a7481d86a76c9745aee5baffffe22b00b707c65749

      SHA512

      1c64390cb9f8c30800a9142fa1747a60ed89c24f1ea6c06491bcf9a58b24c2092bea0d4d6fe863def12071850d9e8403a8a28df040b8d7d54ac03f988320adf9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1cfe71481d39e2f40fc24322c2f9c04e

      SHA1

      4cabd125f732104b2aaa7ddd62dbcc40f425f00c

      SHA256

      fc954a23ed7e8f73c37929ec4034586e9cc2517e9b4c3d76dd62f8abe26869fa

      SHA512

      336ec5114bb1569b745901786bb45b951aef602306b12c74de7ea6aedc3a3430e037967b3d282c187047e054eb7f916a393376671b4416371faaec6b6b11ecf1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a42685ec6bf395354979160651f47bc1

      SHA1

      466b9ed96cde7aa2319be231a6f8ac8f65a84a29

      SHA256

      02af5b9025399cdc359d3161bc3b326cfc3479a5511e6cc088ce40e24db430ec

      SHA512

      68c56ba133029dda262b7c584c08f6d39b7d7a70bcdd29926176bccd45d45d734c79b7183bd2fb7fe9e23e88bee616c45a0892feea79cf10c1c2fa77283fa725

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAFFF.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB061.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF387401EBDEDD5B6A.TMP
      Filesize

      16KB

      MD5

      9ba57c8cc1bdb10d63128d98e8cbcc4f

      SHA1

      01e0f7724582ea5802953d32d57bdb3a2ac3299b

      SHA256

      787eea26ec9b12eab6e24f8c6c99bb9e96f2d3d2ab06acd320c2460f1f509dad

      SHA512

      f4f0e8e891034060d17fc0edc2044a7929b6ff3ec0b577812d1eb1b41271c3fcd1cdcba065b71cac9af4c383b2c725e5587f2e6cab3c8992ec5d58e99a4e7d67

      Download Submit

    • memory/2980-0-0x0000000000400000-0x00000000004B2000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2980-6-0x0000000000570000-0x0000000000572000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2980-2-0x0000000000540000-0x000000000055B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2980-1-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download