Overview

overview

10

Static

static

3

431549eb0a...18.exe

windows7-x64

10

431549eb0a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    431549eb0a7fe1fda8739151c5c73059_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    431549eb0a7fe1fda8739151c5c73059

  • SHA1

    76d6af4986040225e48c9e21f2207def6dbbbde6

  • SHA256

    7960a96e1dd1172562ff5162b5b093baa53065b686beaa0653390766a3a3c14a

  • SHA512

    71cb8df11f398e6650d1eb4400454aba9f0926de76132dba7d352adab11a92c92ea7c7cc818c15c232cb82cb29933b6a1da8079bb748976944ad68f3063f9fa9

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzBgF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\431549eb0a7fe1fda8739151c5c73059_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\431549eb0a7fe1fda8739151c5c73059_JaffaCakes118.exe"
    1⤵
      PID:2968
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1520
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2296
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:324
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:324 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1008

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      add888dd07bf33523c65b2150592038c

      SHA1

      e07eab46e73bc05d090141d1aa0edb9364a47278

      SHA256

      cdd60c85ed9cb170149b1afbcb7de14cbf86b53ce81bedc04a7a658faba1b427

      SHA512

      e51d6a92107dcf8acf831e5b21e8f3bbf29d663e9990a49e96e740c3ed3a22a71c7d1f04c1f5ee3fa30c2270fb300b312db678e828b928d51809ee0e36a6f5c6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d7a9c2191b1a7af4841283588cd35af1

      SHA1

      ef68235b26275b026ee97b027fcfa331c9526cb3

      SHA256

      34f6c17de95f55f1807ad9cd9fd6cbb50b5cc4b06b4d0d60c807801db1d712cb

      SHA512

      139d05322c6ad5d62d9a968948c736ad2714ff382346b0b85a15e7c9adb1a6bbb147cad1214ac13deb48eb92e2e0b2c652512d0afcc357bca04552f0f6ed2099

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      46f7b2b1d902f03383b0a3934e8dc595

      SHA1

      3f4f73d6e58bca340a761eb3b20180cbff605873

      SHA256

      74236f772103c06117a4650ca2cddbf3ee621d5ec2e1a6eba57a784a5e068f4f

      SHA512

      0b6c8212ef989b99312d31e5ef2d19880e2094a0a19bad8b388952da13f6b894235b914c578941c647ffb7e12771dc28f0532a5bc4ab62bc40ee9229e51d81d3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      93dfb7aef04e89ff320423ae7ea4d0f8

      SHA1

      05f6c2d3906fc6e1dc91e22a09e602edf1f371d5

      SHA256

      c37839d9276081fb2385e69172138dae10b326468a117f3164921706f6e75a95

      SHA512

      9624e246e4650de126b1d3e2ea4ee739d94453aef7717f4bcc0c408babe433c3b7f63e35b495ee71900c3ae10d6afbe15359db6a13a0fc411d66fdde7977f025

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d5f197b3d6e00e2f3627cb853f8b2c04

      SHA1

      88f642e71b208187f00dd6a13ba0be76aada183d

      SHA256

      92f22a313f5180f1ad2612d9cb58f5ad5b3864a01df8c0f7440671ba13d5c0bc

      SHA512

      32cf5a6a71acf18c65b85e71dae7da170900976bf102caf36226ab876547f68ca31c5b4cc5a42cc1c04a4b1ce45147e19987d0d31aa2849bb3a3b58c7c290873

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aeed987d596bd8e333f3cdc9a9b5b4c2

      SHA1

      d60aa2f7869393d1698c1205b1190963e83dd66b

      SHA256

      ad60a0d87bd8ff01ed5a7c0460eb013c59d66ea928e4d9e10d832705d70fd40a

      SHA512

      c048cb60793775f3aff7da11d51fc3c3d471d3dd1d3ca8649a671eb34f49629627ed1cd144c799451149915b74c50858cd53f67e58f8b47aa2a47c85a0d1a83d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2b417a523dc20907315511f94b5ab8c6

      SHA1

      e83f80088a489d3f70620ec1a4f338cf2cda5bfc

      SHA256

      d299f869bb023440f4823e360727f71603fef7000d24d025d5faef94ca486aa8

      SHA512

      65264699bd1cc9af665ca714870c55ba631312668d70389c1e2c371739ef72f6ba9fa372ea5b3da7dba951a3527418e69cf62e3016562ac8dcbbc49d87ae0960

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b627ddb7a72424c7c2b17f59fded9a4c

      SHA1

      70236eeec048f6df47c3397ef41f559be0c5a9f1

      SHA256

      d7c787852acd8199d0f699bece523a98bb83e887acdc506e5392e4bd46429cec

      SHA512

      3006900e9072b777687bb9105a1afb824be7245513a9e1a9268ea2e396478548483b5e0ac4dcab2201c66538f8c854b3b15a2c64d1b8256ed3cf995854f18e54

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f7599c1ef1db7ea85de10950849580a1

      SHA1

      8ce42b076af3b5c03434d455e8249cbddce13bff

      SHA256

      e15eea8ae7bacf06c96729443e9e2f8950416fa16627abb952f9fc3df05ff043

      SHA512

      2c827035fc503a1a3db7a2d2cac2fd26ba35734e24a0105d0f721205f609e78d6cf0fad10c35ebbbfa945dfb24d4de2993ea5353fcb8ec7c165b146016bd25ad

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      312b10f8082fa61be10c31af6b3b16e2

      SHA1

      e130bf3a27ed6e17fff12ed589f7fcb4b504f5b0

      SHA256

      47216716c8218eaf57a387bdf811e84d23a8d8e099debe7d6f8c77b9ea586f21

      SHA512

      5d1037746d6c5f2ca3033c51f5b0bdf074ae6491b60107717e4ffb7acbb6a1fa53f7a5248ca77881cc9c6a5c21ed81520c633d1c31388c0433e9ece306349954

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabDC2F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarDD20.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF23D9D986BDA4ED43.TMP
      Filesize

      16KB

      MD5

      7590309dbd82fd2874d499905b121f03

      SHA1

      16a7e23f8944b41b4a0834bd9c28f2fc691c4d39

      SHA256

      174dd2b5a7ffb6dabcac431507e31e79c5a79c00b7f8511ee5019d3c403c9181

      SHA512

      23c20d494df8c46d9181f2f6a15a590c702290cf28dc58d396fe829f9d354592ec6984365ca1b805b0e8588fd3434ebf4ad27e411f9fe74d02dfe3177c395a6a

      Download Submit
    • memory/2968-6-0x0000000000540000-0x0000000000542000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2968-2-0x0000000000370000-0x000000000038B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2968-1-0x00000000002C0000-0x00000000002C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2968-0-0x0000000000400000-0x000000000046D000-memory.dmp
      Filesize

      436KB

      Download