Overview

overview

10

Static

static

3

4437181d49...18.exe

windows7-x64

10

4437181d49...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4437181d49e96f3274f19f142a5718a1_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    4437181d49e96f3274f19f142a5718a1

  • SHA1

    4c95f579dccc69282090f4ddc89cd73c7aa22b47

  • SHA256

    419550a6e4d323506dac1a43c9cf40cf019b3965354e711f253afef12fd57fa6

  • SHA512

    53c41e6be9c13df149b8ea19864e32945c96cf1d1adf4cc32a33e7af81699595f4072bc3a538ff686d06697f5f6071101b91891db052b2f0feb400138b501564

  • SSDEEP

    3072:9Vji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:95dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4437181d49e96f3274f19f142a5718a1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4437181d49e96f3274f19f142a5718a1_JaffaCakes118.exe"
    1⤵
      PID:2000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2488

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d4c76fedb09e265e75391802dcef2109

      SHA1

      f8ade869874351a9615bb8829973ead9a864a889

      SHA256

      76e5322a68313a2297916f2a363ccff1434b09633223138230622ea1223a9dab

      SHA512

      1032c929c7ce40a071840106f16151add641277fa8b39ba87b2e5a55ddc53b311dc10d499c1f011d538bcba4a99acac61f5c1edb52b978dba81eff63621237a9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d82e422e70fcea31a7adb361d724a5c4

      SHA1

      bb13018df86902d4b92fd02b55687017b2bd46a5

      SHA256

      65fd2ae8638c3dfe07a0dd919afa6ae5e5c53eb0ceff5daa59aa1df29a22364e

      SHA512

      ecb675fb56decee96565b00b2b5fdc021690762b0eca9d3c6dd375e60f9bd5b5963c218d7533bd26b1d7345d7201496c06f0249c375bbe5862b7dc3236d43413

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4400ecafbe8c1ad331062c885656f835

      SHA1

      56f02960154ce7937a0bc534299db1df9579b673

      SHA256

      7f20e2cbfec0b9d89c34775b8fb8cdaf66f933d76c821e4140a080152146fa8a

      SHA512

      524e891b6ecde45c3927b707c9fb038462cad0519bdc37bcf3581fbc97f0a3a7500087ddb256325a4f8a776a2fbbd7012dadf589fb1de569cfd7d0416b0a7de9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0726d72d3296b30664e2afe445e92eed

      SHA1

      e7cd165dca49eecf97250d60299a9b2731104003

      SHA256

      22267ee279c7385123ee835c12aa988c4efa54b6123ca4163d4e94ab8211ba7a

      SHA512

      b1c23ad0640e4e3eb3363007df65b9c0c8216e9e154477f650aa7cbdf5297d804dde1e4b3f239e5cef3f6a799bb57a48e953385acf32aea3f21d2f7760c3aa39

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ee3eb180e08aecc47adabc9562955b3f

      SHA1

      24c6b01aa58280190186d2cc998aa7725554a413

      SHA256

      f55b43d1c12aafa2386cbc3fef607f39553fd0cb0b853723a6e223d682ef13dc

      SHA512

      d05fd7fa65fb1b67d73dda10eb3bfe574a1bc64be4b5e9cc37e4c631d11a644b551178713c65b72dfa68b0e06bd3c77a19234e19799da020e96c886c97589ee9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cbb2e08644f03f2fc52a63f26150f1c2

      SHA1

      3264cdbdeb4b7700d61c032e89454adb0a107efa

      SHA256

      71726ea9df6868e49bb5932e89b5f99b373d863b07dda2bf8ab556ab31e6cbff

      SHA512

      68a27165f1418ebdf64eb224d2677ecca083cda39dd86a1e9d39b16c8d88dadcf87e697318dd334401cb357e039f31206576928025eea96d81f0ea32bf5bcacc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6eeb4df9645f6f9062eea1dea123f0bf

      SHA1

      a4e575bdee644bbc53d92089c6139bba5a885844

      SHA256

      0ec354101e5ce8a8605f9e64479a95960d100978c7f3829d98bd907f03da3db8

      SHA512

      e42e26a410b6d3b1093dd5894389975bc8c679eb04055f823169b12a21d4816b271e3620159c1924ade33d8d8f46542892b2a66cd0f708dd25b4d08bc3616590

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bef3a1b2e7bab97c7abbc9868e52a3c9

      SHA1

      fc8ae5a66f1f3558ce591034ece6a94c19db99cf

      SHA256

      ca6ddc44fdfa74e910e87e894eb1251fe63e00522a576417ad6ed7f2881dfd43

      SHA512

      7034932491c5da4dc1796db6a1e17d3e0ff2384321ac6c92f16bca7f4c090c676561cad6cfbe63484ff32c3af47e4a570ec2e36af4da94015339baefc7013684

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      906e0285aa14518b403959b5c89e9725

      SHA1

      e0e25641075e3abaaab0d7602ab680779e5bf334

      SHA256

      ad210a361f45b8555e2baf4c7810a813038d6b12e3c239f2e8c4b794caf7c7e5

      SHA512

      5ec99b367c92ce2e6d547cae16d605ac7c5e5d0c1c27dab7b6c679bc7b0b5c71b909566265104a8cd0da7641b78bbe79b1eb6d783d4a909e676d9df9d7751a82

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA120.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA133.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA1E5.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2000-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2000-20-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2000-8-0x0000000000360000-0x0000000000362000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2000-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2000-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2000-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2000-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download