Overview

overview

10

Static

static

3

3f049f8b0c...18.exe

windows7-x64

10

3f049f8b0c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2024 10:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f049f8b0cfae3dcf7f7e80be29b3b96_JaffaCakes118.exe

  • Size

    422KB

  • MD5

    3f049f8b0cfae3dcf7f7e80be29b3b96

  • SHA1

    8593456d01d9e80ea0562bb332b244604dd1f399

  • SHA256

    e89c971eb98fef3bc656af3b1e5f14561b296c7b4b9829f36f0ce177c6345956

  • SHA512

    8a627b37f66c40df01f041c1ee7d3da535e4419fb2411d2e50ec05db9cc8c85c8e4b900d183f0746ae718663c1737f656839427fb727a319cfb6d6e542fa1af9

  • SSDEEP

    6144:SpsK81JBNjVMRbwUXb8tFSfIrnCNSRuEkglTgiWlODu56qZiAm1:SM1d5MdwWQfSFSbZlMOk6BAm1

Score
10/10
gozi3429bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3429

C2

google.com

gmail.com

ztoy.top

qmiller.club

vipresleynz.com
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f049f8b0cfae3dcf7f7e80be29b3b96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f049f8b0cfae3dcf7f7e80be29b3b96_JaffaCakes118.exe"
    1⤵
      PID:2236
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2760
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1776
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1564
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:804

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cef0788f5e91cb03213899dba1fab3da

      SHA1

      33b3ae427172f78aa8083131f032c8aaede8236e

      SHA256

      8d34d96692e27cc3aac0a30e0d869aafbc27e5b0e695271bcc02f0313e553141

      SHA512

      70d6790654624faeaf5403b7ca7260b08c42a6c4e7af63f43ac7043e1887657a9d2cefd136de1060a06b9954926c7f3ca0aef9a40175e57f1ab0433e4f27c982

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ade49ec16e98343e750f69ee6f32559c

      SHA1

      591e599a67db2b73ef187b450b27d768dd63818c

      SHA256

      a34217bd015d81de42b0f81a24e1e041cad8d41146a30639b577205166782832

      SHA512

      14826a0d2c24946130b2d040480f5c15031270b61bee6bb2fbc80b3be4d276bc647fea1a4ecb567e761dd67e4a67237011ecb6d25d1916b786776511a3580b79

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a85923efe3f26808c8110b658f460072

      SHA1

      407864c7ac027e6829e9d93a5ca3c38154b254d9

      SHA256

      dfae36a50690ebf6259b11a92cc4670c8488dfaa3b0602ded4cf5d57099c7ed7

      SHA512

      9f99d7899f77865811087e0780001bc95025f2e8b78a4eb4dc2fed702f939a51d41ffd40940c030661ccf7ae90bbdf4d4cd84788ed0f071396f1f9cbd931f8f4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2c92baa0443f7a445fdbc64cf4e5407c

      SHA1

      b249f68cfc427c389ab70f2de41372c27498d447

      SHA256

      0dc7aa3051eb61a4108296a5aa8de7dcd40f314824a58eee7d9e60d50c9a4738

      SHA512

      474ef416ea12f5ae7f01dae25f5773a7b40facb4d5bde98b3b69e9f534defa5984d7b42259dc0993e914507bd5caea0c2769016536f9e7d1dede321bcde60bf9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      08d6cccc11257ce866fda5c3b0b031a3

      SHA1

      9d16a157c3374639f8cb914d27a51403e309f413

      SHA256

      9bdab775a42356bff404c6a863996fbe98cb336b5b522906ec4ec6619113fbb1

      SHA512

      33922d5191a6fff96f1f8ce50bbceef02dfe87fb2619e016a1e2a5bb5f57d5af55878e78052800c64a79ccf9cac90d04b5e15bc263c4b1231105de85e23ed766

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      084c162d793adc672c431e2783e047f8

      SHA1

      5aaf3d36c196f7e26e075bfb1365cb744be60f71

      SHA256

      f1b433e0ff190d6e761367c1ca015e2d13e1a72f8df7ae8e33a33f3effba7dd5

      SHA512

      bd2d47e8af40a99d6e2b53425bf17d9ad7795b3273e62ce0ecca5a38375b27404ffbc6ad60fc02ccc84fb197456fafdc35e535bf894237f278787fd27dc3d010

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cef7e0c88f530c65fa115941f29ef9e2

      SHA1

      e1315386b88ea00d5cd3c828c6abcdecb97e2e84

      SHA256

      a20811d01c58322d7f4cb8cbc063f998bc664c6cc92179c22c712c32ba27a3e3

      SHA512

      96bfa4bf7704c8a129de6449d5b769ba6d18a4171f7cf8264701c28b2421d1c0f6dcddd7210c7e1375f26cd5989006c2887f30a76869b6439c3ccb0d2a283e76

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f480d33e67362cf9b340051d0dda647b

      SHA1

      300b832002a44cee74d2956e561d41320403dd0e

      SHA256

      b99ca42777bdbc05ef54fcd0cc08b6af3473dbd6c51e21de11d5cfbd21f699ab

      SHA512

      0d8186a5f33b341679709e780ac537d9afea6b46c0f453ff3a65f30dfc5342eb6b41f907b367fc3b64bc4c1073171f70e5aafa3ec244972638950d4afb0bafd0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      db00e82bcf5a46328ce07f3665580ee0

      SHA1

      c2c24bd035b69a123b6c281a461ae4dcb59f3f6a

      SHA256

      3eb6cb7ef137c8bebbde989caed36ffdd76c18d5e5fac92a7f9e3c9790d727a1

      SHA512

      4d6b9cb0ce37ccf5d1c4f5df1be0ef18d939f4c1e0c1f9b3df3a8b09f57b0a6e229a0a3afdd77a2952249c798af7d50c61ff6b2f6dcfac8ec3c3edb31ea1dc6f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c456a00d3312d9a06f7d1b69ffb4e38d

      SHA1

      86d98daa9910268c68ea0a57e4f5fece452cc54f

      SHA256

      207835186d9545bd11c068159235631ef2a96ac2553c942410978d5610887db0

      SHA512

      a25f99458ac43b75aacf6e8cb9403d8eee3008f5974385cda6bed59ba81d6f0911518610b51e554f012e3a3f967ebec95f774c39ce7623e2bca6367d816a6790

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC47A.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC4DB.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF4303E35DEBCCD831.TMP
      Filesize

      16KB

      MD5

      f1a3a02b47e05df8cd14af88875c11c7

      SHA1

      39e9ee9664f14177a119e3ff1611c2b0e9aba50e

      SHA256

      a79ae702f6505fef0bee74b996ef582218bddd95297c132b1809592c55add24d

      SHA512

      7cd80d678e13f9f06beaaa636ade0f534679725ac458a63789d3d66d4afe0357cbd718bb21761e5e0142bc415845e673b950d27f00a0f308bf7c094307b797f5

      Download Submit

    • memory/2236-9-0x0000000000270000-0x0000000000272000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2236-2-0x0000000000240000-0x000000000024F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2236-1-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-0-0x0000000000400000-0x000000000047D000-memory.dmp

      Filesize

      500KB

      Download