Overview

overview

10

Static

static

3

36bfbaa8f2...18.exe

windows7-x64

10

36bfbaa8f2...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11-05-2024 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36bfbaa8f25c2fdf10294c4168d4e7ff_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    36bfbaa8f25c2fdf10294c4168d4e7ff

  • SHA1

    8e32c6f6134dd7de557a47493bb0a744ed387aa7

  • SHA256

    9451334bce0d2580180aafc68282b37fd56a88bb18fb7b58afd84b4ebf5844c4

  • SHA512

    9165c6a201d8787e9e5f300d4219390756555896e19e9ca1684a6dbf385bb2b545fa4e9ea3b301ae160f856bc123f4a350036a7aed3a14397ef0bd711f7bb5aa

  • SSDEEP

    49152:y1DR95DcafLiNYlbp5DmempHFG4VXd7DPEz61GNB7VbO76ATmG6virR5/rbxzGI:mR95Dc6iCX5DmlHFG4VXd7DPEe1uY76m

Score
10/10
gozi3531bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214107

Extracted

Family

gozi

Botnet

3531

C2

gmail.com

google.com

k55gaisi.com

leinwqoa.com

bon11ljgarry.com
Attributes
  • build

    214107

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36bfbaa8f25c2fdf10294c4168d4e7ff_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\36bfbaa8f25c2fdf10294c4168d4e7ff_JaffaCakes118.exe"
    1⤵
      PID:2244
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2960
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:620
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1080 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1036

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6058571bc58c6595d254ab4c5da4a393

      SHA1

      eae7a2846b0de83249d0c1c35753948d5b388920

      SHA256

      8195ef58eb64b5bbed091ba9919c0b30111c8f10f9ef0ebad718dcd535d28148

      SHA512

      026efb5666cf257cbc3fd148fc07b46f9949c00b8a405a927530b12b50890a3848258fe2a8ed5ffd4ce541901f4ac0c5baddc291fc4ce0b5bc2241c314c6fcfd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33ce4f9fdd7b75235cea2defd9d6758a

      SHA1

      9e50da7de8efcbe16a3997d449c90d5acd708b3a

      SHA256

      03c1c91d359e934b266df7971b3933f8fa110845010925be223eae93ddf36002

      SHA512

      da1fb706a702ee5add8671a71f2465352fec048914e40f35224ac764b8d030cf15fe80bb0eb5aebd0a1a3590f1741efde2dbd7f1cd68fd570b43e6c374fa2013

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      16572efba5b7c1d2f7830d1b885dcf1c

      SHA1

      f83bbe9264789d3b4a811375f1e18a8a95c3417a

      SHA256

      741b3214f2dfa3fce429c6e61e87d8c779807c6c718afec1ab5ce85d3a727841

      SHA512

      fd84d572e5ec048189422ddf137517aec5199062401178176a4329b407b7bbb488375bb76c7b2ebd5367d8d2e8d842be95413215382831eccfd8172945c39567

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a973d95feb2d7c5e13d8183b77b0ecb8

      SHA1

      355b56ea49ae838c52a710e25e0f1a80a6abe463

      SHA256

      da48d4d4b749f8c7e81ecbc3ccaef70c3ce81b7048954a4e54c801ee2650edf3

      SHA512

      f2fd305add833daa48075f71cda56b4367892869c65c4969f5963bff7aaff6944d6beeff2ca1997a849e570c0c699d086aad72f510941d7eb89ada4c2336b319

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3455199383f9caedf3eafcb70b9858c4

      SHA1

      aeeb7551ec0aa0a84439011d88b0bb928e7c1f2c

      SHA256

      d08423989f3b9de88dea4b66c245aee751554ae90979d5da7af891fbe059005c

      SHA512

      34587ec57af61ccf05b435fbbfa9604c6bcc73d7969758df21910e6fd6eb0d5949110ad68a0bcdbbcee3aabf735a47c5102160adf22afe7b8f8437e4b256a55b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5e9a64801c2ddfb4d58eb2bf7421da45

      SHA1

      e517698e49fbef2b52061db6b5ecbdefb1de8a66

      SHA256

      4deb77225fab053c5341039dc5c3abe96aac5bcb1ec7141f1e4dff28bb502173

      SHA512

      772e0b0c54beb6d0a785278161ad680ecc9cb2548a558aa3f8ca679d84a7f34a849eaa88201466b15337965f7abfb6e0fcf2b6054b4cfa243823892ea627d027

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8ed82df3528c64e5643764812f695202

      SHA1

      c106acba80ce21cf815f8c478eec49916bdfb7c9

      SHA256

      18d7230f8adbb2051a1e131545eda87531a6614e1470a220543bdc9ee057d8fb

      SHA512

      323d2e1a5bbebf240e19396ebe3732ab5bb4f5fb4427744d446b310f5023d5b842f0f99996db0c1db805baa14eb2637ba4a4a677444d659cd288c854e56a75cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e34ed7ee907b7833ee7f53670a3522a1

      SHA1

      e3ce688d9fdf100eb736690ab12124c24184d390

      SHA256

      b5cf759f7b3ed64848898eb701ae359d1018d1f1dfaa41a2e4b248dc610ea95e

      SHA512

      3171f8760664c27b19dabb8ff0048bef488754067b0fd9be82e83d75e3f474769d9913c1f0dff679365e8c850ec354f06f08e50f6548bf86bf3ca84ac6c559c4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      015465a128d3ef62c7e2c818fc234c9b

      SHA1

      875dd5c71b9bc1d691bc904a503519eea13833e8

      SHA256

      cde3192e23fefc7e4b4ab376a6617c6b83b0f1eebebfe05da58e36c23008e717

      SHA512

      c15cd2b85af5442388e84c2807f680af9ff5f7c8de7ac97b7304874dcbde19f818def668e2fe2533fccf224aa56308bbd248d736063bec0e50ba69387416de95

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE2D2.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE334.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFA9C057A56F21DBCC.TMP
      Filesize

      16KB

      MD5

      2851afa010add3e0f845e9c0b3f202bd

      SHA1

      0ea16714469a85e5961a0a24aea420d0ba1157cf

      SHA256

      d07f059fa278032c68889603ece2dddeee4a93d94fbdbeb997f41ca67de3cb42

      SHA512

      786b39f131de9c156184f26c5a5de8a5ca6911f3933952b4ce8c29512b346a59d267cf8cf2afe3471b9cc14e4c98fd39130ed32b8c63a73c6aa0acfeb418f222

      Download Submit

    • memory/2244-9-0x0000000000200000-0x0000000000202000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2244-2-0x0000000000190000-0x000000000019F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2244-1-0x00000000003F3000-0x00000000003F6000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2244-0-0x0000000000280000-0x0000000000427000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2244-443-0x0000000000280000-0x0000000000427000-memory.dmp

      Filesize

      1.7MB

      Download