Overview

overview

10

Static

static

3

431a3be445...18.exe

windows7-x64

10

431a3be445...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    431a3be44594d1dba224be1f4f8985ee_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    431a3be44594d1dba224be1f4f8985ee

  • SHA1

    b3a5478ac7fdd5a8ab5eee6c4c306bebab00b598

  • SHA256

    595fb1bb689599e7f92bc9a30ee1205e626b6aeeabf0b9af6d5da8586abda881

  • SHA512

    1a80f93c009ff14a1d9c66b26361fb70098315037aa3deef16da5be7085d90c111b03004d4726e85060989b406895b8db92d40a6ddebb613e42632c428130422

  • SSDEEP

    3072:9aji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9kdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\431a3be44594d1dba224be1f4f8985ee_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\431a3be44594d1dba224be1f4f8985ee_JaffaCakes118.exe"
    1⤵
      PID:1240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2884

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      504be839c1d47dd8bda19e847c2abc88

      SHA1

      2cef67bda1d5d1bdd71c6d7e7f249a92624fb95d

      SHA256

      822a5757fe34e869270c049a79c35a09f3ede38e157af929c3f65a338315c729

      SHA512

      a5a519e79c80a2aaf5dd6c8c37b72fa160d384c0ed8c2c2d26cbba762e8357038d771fca60ef9f8e18f087ba3a1a49cae6804137a1e8654967e4ba8ff3077bab

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba3a8a9df905896f45739cbc63493b9b

      SHA1

      f618c29b537d9d6fd015be5a709e5227135f6be4

      SHA256

      8f5f0bceefcde25ff62e2c7d8fb3dd5b35fe4dcc8804185e1948dd5a44da7527

      SHA512

      8b68470f7c4974342aad833de1c3077fb7405ed05ef8321a2db847307a6be143c426397626b6e01298e9af3eeaafd936acd3c3157912f6c840b73571f6f0bb13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39a28c12d37580f94ce9b1e3d09d16f9

      SHA1

      a9a3b2e15abeecc353a3cf5d2158cc334032859e

      SHA256

      bddbea4b5f8aa4911586cc3191608ab737bb322f9cff9efe54faa901f88833c2

      SHA512

      68d851c96dc46bead5ad72a4a0c01c402a88803deaa44dbcddad6d3c4d487b2a10c3af6ddf81e4bb555aba487f042a41dab4a590b48311e248e7fde8ad990310

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5dca6d2c55896bdcc2b93282db28d83b

      SHA1

      e2c96ecb416050e84352edffcdd572e4190b5627

      SHA256

      ae3c9acccf0bc052c85b6444b01d0cf176714c4e8e074ec5e0634586d2cdade9

      SHA512

      9c0b97c5f96cc34878ed9d31fe1f7f7bee463a1aa6cbf7694df2e429796f133a8d072605b217a105c08e1f2ad37890bdfb80a959468bca08616bdaf449396a69

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      616a125243d2b385c8ee98e03db8c063

      SHA1

      898eb513940132be813f3e485f7acf86e987788f

      SHA256

      527a1f0111136fd9147899d1a0ff64c5e1e6f53bfdff76ab56311e08ca4ad3ef

      SHA512

      0e297a35bfaec5f79dc35f95f299b366a788bf59ee57e16a5b6c87101e5027a911c71e719c5a0f0fa47013bfb4ec1fed11e633759c1003c84ebfb10ef4134f42

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      63e2aa7fc98f9da948cc8654ac0361ff

      SHA1

      89d799da3f5544fd753f9410d2ea09ce13ecfa63

      SHA256

      0dedcd8b698224095a3430aebd31f2a4c2b629e8c99fac855452f0a28fbf4bda

      SHA512

      e9bfebc624fd415841b5c56ffe00324ddefcb61ce1981a444b91ef6f961acdfb3246b27d68067c1849384282b8e7bc82ba7309c67b289a0974a0cd25b6be9fe4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4d03ae3dcf6696b4c811d681e97dbbeb

      SHA1

      eb6d3f9a1bd8308eaa2e90270d43b23d7f2ae124

      SHA256

      a13766953c6929bc006f098b43dbb6d572f3afff825a6cd86deca93319f536e5

      SHA512

      026457cec16355b100b5de73e5c5ccd31f58a8dce42c9ce005d6fd19719ef68eb3c1eecf76c05e908ccdf5a01022ba925b14a264df3a18fbdfde11e38054696b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1f402cec55888bfe834f336f9b13972b

      SHA1

      7cd304e832232c3e717929207142328a761541aa

      SHA256

      12780dff66e9b8ef1b14ee081af4cf34293126044cccba2f462abe9b8e346807

      SHA512

      a7cb0d476609b05de9b1adbfe0acc3690d61c42cb0c8ba5400502e8735b366a32677f41d43aa12d6b79a2da5ca062e1b2cce4b3b010c2adca517dd4c3da9263f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d24e1a8a356f333679881dda23c5a1ea

      SHA1

      c0d163ce1939d1bf67902b500324cd766fdd4389

      SHA256

      7f2dce8b87dc01bd652d854fdf9f11d8b257bc1d89f1a98ed802bdac58416908

      SHA512

      3304ebf3a2bc8b44ab6f91cfcb854d93347ce8dd980716a29a278331a0f9704b893cd004c2777eb9144c7a0f96775ef638a624ec50d6ce25225185edd2e82246

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8f00cb2b371a2404680b08c5d3a14b16

      SHA1

      d0eeb9a215c1907fb8f9fdf61ff55a5bab811410

      SHA256

      1920ae0126aa48457c577506e8c2711d187175dada70e88492c0b78aa7597eb6

      SHA512

      34f082215d4a43d7b56f9caad505c1c7e90b2f90e89ad0db6948d6d918d34fa636585980b7f3f7e94d64689460c8651bff6f158dc4bee2b2468acce92ee1e917

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7D5C.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7D6F.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1240-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1240-37-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1240-8-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1240-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1240-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1240-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1240-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download