Overview

overview

10

Static

static

3

45e6b81fdf...18.exe

windows7-x64

10

45e6b81fdf...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45e6b81fdfdfaf9a582da71ee8ecc31a_JaffaCakes118.exe

  • Size

    243KB

  • MD5

    45e6b81fdfdfaf9a582da71ee8ecc31a

  • SHA1

    4cf4ecf9f7ed6c679a56ba60ce2f31a641b7706a

  • SHA256

    7ec041d61421cad2722cc5af36301213f0503a97fdfe44c15d6ab736e019ea0a

  • SHA512

    94f235393a6fb2964e5254f187ce85daa72d2a77585af236e7064a0eb96da7154587a2fd83e53f3d3c5c3de78e3b9e455294304c3f8e4af4ad5eea2d28817ca7

  • SSDEEP

    6144:EDLKwp//Rucg4LF3LPqYRQfoF2Cdnd/H:ILK5e1qBfoFFdn

Score
10/10
gozi3515bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214098

Extracted

Family

gozi

Botnet

3515

C2

google.com

gmail.com

v61nkkybd.com

dee12yadira43.com

ffhyyo51y.com
Attributes
  • build

    214098

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45e6b81fdfdfaf9a582da71ee8ecc31a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45e6b81fdfdfaf9a582da71ee8ecc31a_JaffaCakes118.exe"
    1⤵
      PID:2972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2480
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:952 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1344
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4b55da45628abb4f513b9ea27a8cc31b

      SHA1

      bb33caf37da7cee70d1e3c61d01231a6385ff8aa

      SHA256

      6b4f50c8cde9f70f021335a7cf1a6f9fb190bdd63ba2d6fef97d8b7076b7bcd0

      SHA512

      f41315afd28fc923013d701e0e25bc75fd5c8e0678d35ce9fc59f9463187874ecc3393c09ef9892f4a4839485a016dc46cf6bc11ef66e66e973f51d11896b360

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      da334f7990e534c318d26c8da985be78

      SHA1

      21f3f49c632ff12f7aa1b1ba2a8ec35a186efe46

      SHA256

      5687412ffdd597e42f5805a22363e935eb3a1071536133862c74006fb2ae5831

      SHA512

      7b82338808a02cbff62f633d8d952ea90303a8ae2a54b3a3dea4bce84f19b8ad243bcd7e5578231f6fe5952d08cba6b2ec53b0cf4bd7be9bdd8c8a5fbd08598f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e4cc9961b86a889f4c5730e848b36b88

      SHA1

      42a0a51996d76031a0af4b21e8f036630ee369b5

      SHA256

      4db64a0e1000dab83057891378045951696ef8dacd2abbd731a3e7cc9061c0dc

      SHA512

      3dfc9d2148d53c448fff8dcb440320d6400da2404c1d167cde0ca8e924edf60ee99c6c5a90ca3acbc22c4b93fdfa85b2371ce490363709d739d801e7f5903885

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a19e2556edee1819d563e847aede6290

      SHA1

      e09f2bc6969fcdd0d826fd3cce32559cc36408fe

      SHA256

      6872557ec64807104a719f9fd760e70ad7b8679bc9a238d5443cde1597660db9

      SHA512

      215d486907cadf1fad14a3857b299f15674d6cbd720b4b530b02fcdc4ae574aeda43e5a9a321d720152ca8bfc2c4bf37e9bd851a72c8802275f5d5d37603fc0f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7fcf47961ef201808c87868c0d26234a

      SHA1

      ab62e509aa83239103c48515961389eb6fccc4a2

      SHA256

      518982b28e0f516cf46f46d1e5d175048a04e3c212cf2ddf27b92192e43df95f

      SHA512

      e37d157a01ac8e3971c9e3cb2ad4aaa2012ee256109a1146ef10314fc495ee9e6262e529726660a06d81c09df750a453a5b13bd0d8e5ccacacbcd7786796352b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37920486461d3ea8dbff0811f94c9631

      SHA1

      9372bff068e774b063ab14711d6d7847e122e766

      SHA256

      841115bf3e589884f54fce20bd03b47f4c90bdee8149f622cf82569118925a08

      SHA512

      721e3940d3ec1dd7fe3cb64eabd0b3a8fbfe6452a6aa2582ffd8532015546fa7572d2fa96fc2d1406e5ab2da46050cad325e71ffbe58c37023b8ecce7ad6c6fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5f6b81f4bf3464d82d5c74eedf7bd1ea

      SHA1

      81e2ee049980bf4b7f58f3d4e68c08b32dbab069

      SHA256

      7ccf9c266332cdd91dff03f927e88079adcb17433301aa2b066fd7f40ae6550c

      SHA512

      fcba776b1cf94b171851e6bb41144391c378ab7af4d7c7ee364f75f4881085f3d9b1f4f556f075bd940768bb47f16659e919027d5715d5c4d1ac47bb8fa698a9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\robot[1].png
      Filesize

      6KB

      MD5

      4c9acf280b47cef7def3fc91a34c7ffe

      SHA1

      c32bb847daf52117ab93b723d7c57d8b1e75d36b

      SHA256

      5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

      SHA512

      369d5888e0d19b46cb998ea166d421f98703aec7d82a02dc7ae10409aec253a7ce099d208500b4e39779526219301c66c2fd59fe92170b324e70cf63ce2b429c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\googlelogo_color_150x54dp[1].png
      Filesize

      3KB

      MD5

      9d73b3aa30bce9d8f166de5178ae4338

      SHA1

      d0cbc46850d8ed54625a3b2b01a2c31f37977e75

      SHA256

      dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

      SHA512

      8e55d1677cdbfe9db6700840041c815329a57df69e303adc1f994757c64100fe4a3a17e86ef4613f4243e29014517234debfbcee58dab9fc56c81dd147fdc058

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB848.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB936.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB94B.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF764D48B6118B3DCD.TMP
      Filesize

      16KB

      MD5

      8a857449a6057eb1a3d5e8aa2b882a59

      SHA1

      f7a1993c285d21ee9893392ae7c82ff12d0f7cb9

      SHA256

      a6f3856bf04f1fd8400c86cf3b98fae0c0cb198acbffef4fd0b45438026273d6

      SHA512

      de172ef6b96b2d3cc4732021197be9f1564b02660afb678e4d96a8f2e222c496348b91198fa073f03ede2ea5ba230932bea91438949a2bc5fbd272f2387d6573

      Download Submit

    • memory/2972-0-0x00000000003D0000-0x0000000000508000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2972-9-0x0000000000230000-0x0000000000232000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2972-3-0x00000000000F0000-0x00000000000FF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2972-1-0x00000000003D0000-0x0000000000508000-memory.dmp

      Filesize

      1.2MB

      Download