Overview

overview

10

Static

static

3

3474f0408f...18.exe

windows7-x64

10

3474f0408f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11-05-2024 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3474f0408fd4f7d245d3a5acdb794b66_JaffaCakes118.exe

  • Size

    459KB

  • MD5

    3474f0408fd4f7d245d3a5acdb794b66

  • SHA1

    1f1fcd5e8cf4bf5a35f4d9920408f7d67f37382c

  • SHA256

    4c3338ae8b9ddaf46d76f44ad4cf5ecf2b46e4d189139f6fd8fe9fecee097cbd

  • SHA512

    2678711fc6888940b0793b875ea7e5b3fd45832bfe47b003e9a8291ba1469dd69a32f9d05547ec2d1a6592068daf0987d12c62943ffb0a01e191760f28c204b6

  • SSDEEP

    12288:VQFtH1b0F7YGLGljH7/hBJZWIQDAAJNAZ8r:P+HljH7flQxNA

Score
10/10
gozi3428bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3428

C2

google.com

gmail.com

ztoy.top

qmiller.club

vipresleynz.com
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3474f0408fd4f7d245d3a5acdb794b66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3474f0408fd4f7d245d3a5acdb794b66_JaffaCakes118.exe"
    1⤵
      PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2700
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1784 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1528
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1588

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      1c8f15b0567ccf37800b40dd74a33498

      SHA1

      930d0ba2de968361fb1f3b61e3ccd5661a2c2280

      SHA256

      4b3c328a512759b483d4c9ea4d2926779d70b142b868fa47048e5d90a3550c8c

      SHA512

      e44c29798ce070cc7000c9e2ae3feb73003abf4e9fa4531d34c7544201f5714ea5aa3f5cbc46a0e66d446647f0e5030ff4c084d50a82fd8a3b4f11906eea8fa0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0c99d7599a017957d69d3ef81a370e94

      SHA1

      425ad9215491531dbc4a1ac126555689b6159e68

      SHA256

      47936eff8805175c72731cf3bdc477b82cf5f31107b58576300f01f505170602

      SHA512

      5a5803ea7e455fa515f71403c207f8309cb39e1315c6844e561fa0fb629fe78203f5cebd03e62675e4592cd72a445f99ede6ee9503b11393486caf6d859bce15

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b0a87892f838884de5850718d70c5380

      SHA1

      d2638ff14a0e0764c9e9d469f3d65ee7636dd3c4

      SHA256

      1051e5cb848b5aae90b79011e97e322f6945e7c2315cdd28b5c445013e7fb758

      SHA512

      d30f4bc14a1dcf66293f2012aecec51cf27f720e19245bdd10a1b3da7d78e510d77f43dd1cc8d99df1b83806f7fd8f90762a93bebffd6941e9824898b345b856

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e4cbdb4c4e1b4abb0a9be139ad69c35c

      SHA1

      e9b89c84b75fdd66c58fe1fa5e1340c1cc4c4e79

      SHA256

      c35081cffda4e32bac1fea0fc008fbe61bd280bfa4d5640e5e1dddda53f89447

      SHA512

      5885d44a94efd3bfe5489586e487cc8f696600bc35b771876d068d7f9820b55122758803cd544c5642973e8ce9fb033f72875d3d5ecf46eaa6f37bc2a731b7d4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3690e9b553d5a00e45bb67abccf0e256

      SHA1

      080a4d9cfda46d37e25884eb66335943d052776b

      SHA256

      3da0d9598bc57282a7d228f64c0faa8e8a5ee49431dbc4f6767799941e1b285f

      SHA512

      b89f0b94ad91f36a9523b4abe6b5b648108cec68e1d866f7d14a7f4e322cd23e14da3c897385437d1cac8069ff9331442f3c14067611ca968033d13ac8c5d991

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0036b35e4eacb3d1100c2ed5f69929f

      SHA1

      2344dee9e1981abec910565b3e8662a464ed38a0

      SHA256

      9fb024350510a93c55357438c64c3c1b1f7205c3b701b8b1df8c65c461573dfc

      SHA512

      e59922565dd9e5a666ffc764659f47f24e0637db3d36299a681b95011523fe0232a60de195c0d3a570cc18adcc67cccdb3ca5f8a22c9a5e088ad3f741f8f7667

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      00cbbc5e704afdce6ca6989e268fcaa4

      SHA1

      cf43e5309868dab598bc9aeefe87e435c1c38337

      SHA256

      4ba3435d6117bd6a4a081a1c1e261276ff911dfe46cd5525a9dd378469eda075

      SHA512

      bffa89357810baba32e323973cc9c5a1addd774efc9412d08b375bfff59a14eac9208a2aed10985a4b5c062dbc24ffb16f3051deebc9f5ad36e7ff09785a1150

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabBA4B.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarBBC7.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFBC9EE465CD798BAC.TMP
      Filesize

      16KB

      MD5

      873d653f6cd3b86abb572a67a4c3dfb2

      SHA1

      5864c8b7d827b51491875139ccbbff43afbaa36c

      SHA256

      460a5419a83886ded831d4c6e6ce26df0415e98f50f081b8cfb209dc4838e284

      SHA512

      a5f2c725d7b8bd7f637616789aad7af76fe8fa9f0a93c96b3d06564a1606491db779e3c595c5c10ad04e18d5417de6462825eb3b715e3601738eb834f166bac6

      Download Submit
    • memory/2188-0-0x0000000000400000-0x0000000000485000-memory.dmp
      Filesize

      532KB

      Download
    • memory/2188-9-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2188-2-0x0000000000250000-0x000000000025F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2188-1-0x00000000001C0000-0x00000000001C1000-memory.dmp
      Filesize

      4KB

      Download