Overview

overview

10

Static

static

3

31b021a4ea...18.exe

windows7-x64

10

31b021a4ea...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    31b021a4ea9e67758113887dfdf4ee89_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    31b021a4ea9e67758113887dfdf4ee89

  • SHA1

    ccf28cd9451e330c498d4f9b23b19fe471e1427c

  • SHA256

    892356bd0a480bab24daaa62d66d31b957cbc2bc4414e07a70ec86fba39af0f1

  • SHA512

    7f41bc4c454def40edd3769286daa68aa5e3ebedc4358997556c9ebe9046ed613862e97be8e72c8975e700c3f27a8de8ffa8d89779438c2fef0a8c11119ffe9d

  • SSDEEP

    49152:wK+Hl4vGdpSL5ktmiMb6eMxbqgu+uZtn7ONp7bd4r54pHduC:j+Hl4vEpbtmiMb6ehgu+uZtnCH7bd4r2

Score
10/10
gozi3493bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214098

Extracted

Family

gozi

Botnet

3493

C2

google.com

gmail.com

lsammietf53.com

p28u70webster.com

ploi7260m71.com
Attributes
  • build

    214098

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31b021a4ea9e67758113887dfdf4ee89_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\31b021a4ea9e67758113887dfdf4ee89_JaffaCakes118.exe"
    1⤵
      PID:2756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2456
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1376 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2084
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2564
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1292
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1120

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e1da284974025a0c31d2b6565c8a6578

      SHA1

      ae42e925cb27bdcf79d9484eaaac8718923c2554

      SHA256

      43b02c371898b45be99fce4067eb47aa44b4ecf9df2df47a16bd6280d93ecaf3

      SHA512

      eb4c7f0bfe672ec780d6643667d92658ca97d1189a642c897351009a8ee8f647b7edf4c5db59ca0f9a734638b5f14d04dcb4682b2631a77101332361e08edd37

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c15e3d9c41843299408a8fd854a91c86

      SHA1

      4ed23e4d53b6daf6dc8a7c3338e1c65fd8eb6bbf

      SHA256

      34d9b601fa9f54150fcfaa159ada49268f689c5bdbb13d21fca0718d88cd988f

      SHA512

      99728099dd8258c3f31b6b311d9d925314649de50b53a4118d42dbe575f281cf0942bbc9f5b07206bb123cc043579d5ca4e9e7eac40beb55d6597deae6e0bc9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8bd2a88c6c0ba9bb9c1118584937f22d

      SHA1

      ced9bdb483c508060c0f3ae520e94dc2573710fe

      SHA256

      e0cfb0a981c14f669e3261d5fc7c93093aacbe6a7444ad044d66e4625177e80a

      SHA512

      3ed3efec26382cccb260f344131bcb51085fcfdef5a87eaf8b9ce692809f8792739ef20dc84d89c2c35f3a487d3b464847ff73e142270e06f9c4292d2639de56

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3986df14f8c201639b5a1e730126f15c

      SHA1

      0d9475ad90f00ba178d22f531d3131b2bae13d37

      SHA256

      2092948aa1b5358bb246a346d1dc00e71edeb6f8a3c46f58b9776771a6dd2a0a

      SHA512

      f0a9347782091959768d068b07856a4a9d05c2deaaca5a3718b0a3bb5037a149b7abc494a69f9fae653f67c94bbc2b999f1d8379c4512d3ae63250e8483d3522

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      836a9b6ef3f85f5a839e1716a099afe5

      SHA1

      859a94a2ab4cb89a657e44e154d3f2585d3de198

      SHA256

      f6ee375300d4139ab2bc5b113781c2673e3c4a210feed01aed2609c8e1adf411

      SHA512

      c7fda3be1613100cb201fb33505618543df8aef705875409a8502b7bd26cb5cb010105270a5727735b0431a5312783fea22381fbcd3e1249beb1cebf8c3d291f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52cbe248a1059c83e311a93ce8138064

      SHA1

      a14b5cfb00dbbb283cadf143f45832f707aaa649

      SHA256

      11669aaf7cf2e058856d6e15c5acb767dcf9e824118fcc262c9dd5a624cffc00

      SHA512

      6be27ddbe1038cca558294acba6b3de6b399cb37d6424848c870e6096ea169fe461d398a05f95a0e4d4e6beed98baea78cd87050e46ef286a818e8eb7352e54b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8fa0caa6d9fe729028ba2b6c44f67f78

      SHA1

      e48a07c929e57a8b8b8af05870c61ab2e8f12f5c

      SHA256

      c2378f5db6dfedb72cd978c970ed473f09ea6abac5546a717b4151d7d8b68163

      SHA512

      9017fdd45cc707599722f9d7d8e626c4609d9ac45a6455bcdb8e68543ff15be896c13e673b4b77fa4d052b864050e03daec69faf8075885b7a95c98ac12abedd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      665d242eb40c1ffc97353e9d48c5f6fd

      SHA1

      51a9e1ce34023a4a1803bd4d5535e73715f480f2

      SHA256

      8a61634f86ef2c6128111f4e26067e55bf892a645feac442b1745853e946c08c

      SHA512

      c50efb23bad478ef0b9eb1919dc940df0374ddf1e5d0971ee6d57108f3d5c9464461d8a74bf833ebd14ffa477483de264e7c6d02d96d2835d42821f8fbf1cff9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8b468a3e0b94693d7a2a8cd58548f993

      SHA1

      a3bfbbdd9d71a7e538e1a44bb2ecb1a4eea78037

      SHA256

      0560d3207693948b565edccac1f87a32cf2f42fd4f01f332e95ba9aaba7dfd84

      SHA512

      83a0dd0a614113a917cbc7dbb0dd1917ccadcd4ac733c4b45e5d398ccae63709046674a4cfbd4cc4d2cfb0eb76a54afdb41836f16614e621dc25eb9d926809a7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD108.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD1E4.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD1F9.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFE79966784BD6FDE9.TMP
      Filesize

      16KB

      MD5

      6d45894706ae9c8de0e0275081c64fee

      SHA1

      d2efd6f1dc8d5a418c700a7c7da38443aefec877

      SHA256

      9125b7dfcdbb1e6edd5a4b62d4b8b01524406a5367826540c3f1ec37e8f1525c

      SHA512

      1d832ec6456d92b346b3cc16fbadd5b091a4770967e3d4d89db915515cfda0ce1fddf582165e3921cb7326d9077086e560cd1add8f79591dbf9dd54228666d20

      Download Submit

    • memory/2756-0-0x0000000000990000-0x0000000000CEC000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2756-11-0x0000000000140000-0x0000000000142000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2756-4-0x0000000000110000-0x000000000011F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2756-2-0x0000000000B3C000-0x0000000000B41000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2756-3-0x0000000000990000-0x0000000000CEC000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2756-1-0x0000000000990000-0x0000000000CEC000-memory.dmp

      Filesize

      3.4MB

      Download