Overview

overview

10

Static

static

3

3f689e796d...18.exe

windows7-x64

10

3f689e796d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2024 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f689e796d6d0d65b7a742880d21ac97_JaffaCakes118.exe

  • Size

    3.4MB

  • MD5

    3f689e796d6d0d65b7a742880d21ac97

  • SHA1

    a296cd060f5331001251cd59c2b2730b3db43d97

  • SHA256

    7322f70e06112dcdbd7f3fe6422ac477e5e5eb6dc027ad3f717c8dadc8706039

  • SHA512

    aa506e45a69f4318be72a713db021b19a634f1287394a34fbe326a3dfd5511f085218913ecdfaa14a4e5bc2c3ff0affdca2749ba8247b3f04234e148a5a6ea36

  • SSDEEP

    49152:U89nwonUXJK2qmngTTHQVOwkBc9ODyxN50bj2qYYTWttR:B9SWDPwO8PR

Score
10/10
gozi3478bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214096

Extracted

Family

gozi

Botnet

3478

C2

google.com

gmail.com

waouqk51iu.com

jsztkeagan.club

jkeshaunjakob.club
Attributes
  • build

    214096

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f689e796d6d0d65b7a742880d21ac97_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f689e796d6d0d65b7a742880d21ac97_JaffaCakes118.exe"
    1⤵
      PID:2952
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:796 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:996
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1808

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a8a3198f41c32dd0c0a0310d6ce46b6f

      SHA1

      11528edd9972f10bb700a96278dc8c057e4987df

      SHA256

      e098c42fc3245de08916083558a0e0086b96cbac17a52fb7c860c823e8f1d36b

      SHA512

      725153bc958727e1c0f6ec2cb19f843a6eafea8eee04f456892542197ad54c1c39b52d8da85693072a53556692560e64ad4fe3dc5f75059d8fc6790e54f7d8f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1b9d683a06a8b26fc87c9cd7dcf67718

      SHA1

      86ddfe26eeb6b2ee9d282aa29c3a3722cdf261c6

      SHA256

      a79e1ae103b6dd6cd4901fb2874acc77cb553607f42cddbe191bb66aa0580e9f

      SHA512

      2b48691e6ba91506fb34d8980cc4dc4fc7669090e5d45ed3a71d4bf1cb149f4bb57307167dd9f8aa9e20166d76ce90d5ea5f8db9095fa3a98efebb4998ac1bc2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      623c807929ba58b5cf9ec13701c42e92

      SHA1

      338738947ed1318e3e5c0c7bf39debc496c8298e

      SHA256

      669a4b313b9c586fa38dcd365423b6ed752316586d218f2a6d9173292fcb70a8

      SHA512

      24f9cfbd68ae81d38c2da21b7de59c5082794e3bd9e47a8b3df644163cc64393a84b4099030ddc0cdd0cf172a7ce50a1b297bd0f5755bc04480b7efc992f2533

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      07c4a08f30254233bfba051170583105

      SHA1

      d36adaa8077275d05e53e7c462be25f29b9ef4de

      SHA256

      0e7589d3141c333694db34c381d5f286a8ff5de1f04e829eb848760231258993

      SHA512

      feb76ecf202c3caed968ec9d434da3507d7459ec0d8cdd8cabf6d65fe871754689a022d8d67989472044ea70ef2f94cf4d650630520c38261eff84d228c81f59

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7b539bc32b1ae2e826ef03d0b9c25469

      SHA1

      70601419bb8f91e59a38d353a918284e4160cd05

      SHA256

      addfe9bbfe642a1445d40e7b134e8a85404df926399621e66c46ec126ba0a4cb

      SHA512

      5b814b350391dc5525d7bc4571b78af88da2726e99d920725e30c394a2b160406f4e5b4cd512a6b08b44d59ca46a3dd753e0272a8cbc43cef6e640cd330fb8c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      652c699e99531edc8505632f3158f23f

      SHA1

      fcc47108b84d7f5cd6739737e34ce07a00e530e4

      SHA256

      4a34b6e7bc776dc8a9418641fd03183716a723649992cafffe22ce01a150aa5a

      SHA512

      923badec97ad4ded6f83c033b237467ccbd74773bbe9dd54f6d74568a5b59ca250a1913ce522fc48e2563b5ffbec7c83fa39d28d04e41434387ca1e63ef9e425

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fab8609a2badc524db2929feb67ea5a6

      SHA1

      d91dadd8cbd9c38b67ff995a0ded170be444385b

      SHA256

      22e0675ab8e01382573b648bc3f7bb36d932b1c216eee6e800524a5207030a45

      SHA512

      2bcaf23c9a5cc6d4ed7fa6ca311699f14277d275dfd7a85fe5030b064bba409a8d40454b51e00ccc070a4774c604b8aec25ae523a2ba2883a66cb6aded273b51

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ad843c4d58d81258acc013f6d7866f99

      SHA1

      5c38066ede40742ee8a4fc4314214b6eab7d7ac2

      SHA256

      621596db551e1ed058bc3549242a6cb4848e49a34bcaae94aec6dff3fd79c360

      SHA512

      7e8b26f4a6e4cafec13cdff55007af1d9011aa7393129f064338504a999f943d6eb612994f010810363c0e37105fb36ec9c4c3f74aa822a712a3407f222ca822

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c86fbf93eb8d02314bc77299441389fe

      SHA1

      5b3a4cadec6562ce30834a926f6b3decc50f6c9c

      SHA256

      6cf6653de060e49fd829283b9d26aa1fb9d6d73b6c41408ef244b3f1cc521ee7

      SHA512

      62215c2ca080705be3cc97138f9ff6061b89321de11730faaf6d06515f893bd3fe931493bead0b37a5f5510d30225d2644acee5c59f36a1a67ef440a5ffd0d5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCC55.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD14D.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF2F2C23B926B1A67E.TMP
      Filesize

      16KB

      MD5

      8073e45dcb514e0e873d746a5cc789df

      SHA1

      6a63592a06e9bbc2db7eaf5f910b50dbcd53c122

      SHA256

      96f08d60320f2578a46accf9234a6b8c2250ab782bfb4ecae49c0b1890ea1798

      SHA512

      1e1f682380f7112a2044d732cf4a88f5fdb14031415b9ddc9b27f8bee7a2e7516d196e56da46ef8297c458f5c093f1a56b4e3870135419cca3f320173c765986

      Download Submit

    • memory/2952-2-0x0000000000779000-0x000000000077E000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2952-11-0x00000000008F0000-0x00000000008F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2952-4-0x0000000000250000-0x000000000025F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2952-3-0x0000000000400000-0x000000000086A000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2952-1-0x0000000000400000-0x000000000086A000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2952-0-0x0000000000400000-0x000000000086A000-memory.dmp

      Filesize

      4.4MB

      Download