Overview

overview

10

Static

static

3

4787bc42e6...18.exe

windows7-x64

10

4787bc42e6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4787bc42e60d87f7549984a973e186dc_JaffaCakes118.exe

  • Size

    355KB

  • MD5

    4787bc42e60d87f7549984a973e186dc

  • SHA1

    1247fb72258a755d2f30043b9fca75eb7914fc63

  • SHA256

    3cc2af5cf2dcbf9254ab3c0a653c5fb6658827caaf1f8efdaea730afd05ac8e9

  • SHA512

    8c817312f2fc1427590a4de640e428ed2e29d04b0d9027fb4535ded41cee59a1311f22a0e6eec34fbe0875a7c9e582679b02572a1aa69368aa0c19bf93f5b96c

  • SSDEEP

    6144:Z2PfwMqVqOnmWkKelAUNqNCQzH10YLplTjGePo1nWT/jiVIgn:ZXMqVtn6Ke2UNqN7zH1nnPQWT/GN

Score
10/10
gozi3431bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3431

C2

google.com

gmail.com

zuoashlyc.com

x4fwben.xyz

rreynold77.club
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4787bc42e60d87f7549984a973e186dc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4787bc42e60d87f7549984a973e186dc_JaffaCakes118.exe"
    1⤵
      PID:856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2000

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b1bd91c20c1b3d3d8c383bef15d66e6e

      SHA1

      618be3f8bafd294011b1ee5cda4b2f456e1d9791

      SHA256

      20eaf2c7a4685c73837fe023bb853b2faeacbef38505aac8db49767e30a26ed0

      SHA512

      bd1e2d2d7ab4f800b44f57148b11052eb9f10de983de760c6f3702dce30cd947d48c17821f80a07276cd3ef26333e48b24425b7ee0b09e7ab54bd156d0cb7070

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      21f4068b922e01837f0017357b1df790

      SHA1

      02e0cec3ae8071684658f0b3b72d3123ac30f1dd

      SHA256

      d5255371b8c07e829fd5acc7570da6e5f7ec0b196e82295ada0234a0e3766980

      SHA512

      30c7c9f022f5158de8c95da4c455762873039c323efdcb91aea97fa27b58c5875dde1dd9f9860bf0d3bbab1f514f3138e99198752513f1f44c72da6f48dacb74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52bd76b8ab2fa5abbcc19e06f429a531

      SHA1

      d81a572835fcae7d865db063df4cfd19933dd43c

      SHA256

      7a71eb2f0e025be7c00dcc4fd5de276e43bd349f3028b8f05762549aea46ceda

      SHA512

      cc530a65011ce429fea6b3b670ba157e0ef8a437471c40d73bc3de849504e6fe479d42683c09abdb30db8df73b422830e17eb570a3039e4469eadf02ed4d0393

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33c694a68a577646d25b3b81afa11602

      SHA1

      d5643d841d0605863c8f945c69ca2c8cd1bf2556

      SHA256

      b6b155e2949352cdb4374fb074f57eb93fa4cc271cc3d87159fefefe2895af95

      SHA512

      aedbb4df1e06bb53ca625340f3181c933be78dac87d76a34ed33f35f0be70a30686344aa2d1fe3c1d7f26c03ef0bf697fcef8f0de3088352723986d5989331d4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      36e2760340959880e57d5a2e4c85a8a1

      SHA1

      16e237065f9a13abcb5d95b4ee5baf4672d78c61

      SHA256

      fe068378fac525c63baa315916bb3c8e7d58b66ec8e96fde6e95d69dbcb2b445

      SHA512

      52dcadc89de60f3235636c3f76a7e7315073cd9cdb3bdd9ca7069371c81d6ce50661b163758d3bae5bf6a88096bb5dffd553c069b51d0c494a04f2844d9be291

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56ee1ac888c5f677c90289a955362ea2

      SHA1

      84fe8ae3a7d627807398e170d22b8ef373262bcc

      SHA256

      27562febc4f6a4574c4ba0cee0fbdaf08a519cfa8ebaf8d0e2c9114e3bcb9a97

      SHA512

      f216cbaf4cf75bc14c4979f4a9750aa8af6fafee6ebe8b77651e781b2bc6acf71054e6fec8200a1d5272581f3b7b577122c9c539af9ff1cfb7c97e9c78025cd4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce63d9a49a3d0a99bc1a38d50d6d31af

      SHA1

      ac524c1716771097073c800fc2636fc28912b093

      SHA256

      e8e2efea0363bd05d3eb3f0d594a5b022e68b47cd531c188910be6b19b77d1d4

      SHA512

      b2cd937c4c69c308c1149e79f1eafe482a995ccf2a40861de355aa002902f62e8a0d2dad15a11315eea53becb9ee6844c09941200b3dfa2d153b58c775940c9d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      76a0043d778f7f06ffe5c013899fc519

      SHA1

      dc39e97259bd952ee7a04ea71e9808b7d1da9056

      SHA256

      2de0ebb6d73aa61889194a9438ab89231a4fd98b63bfc55e401dc7f12fde9875

      SHA512

      80b165844e4e4e678d59fae44d1c766534790c746d9de82f6998da03e29bd54ebc9bfef3a679def9748220772e9569564b4a1b36092150378c58c5ccd9a74755

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dbb687598c837f037c7f2eb71375b22d

      SHA1

      7eb587fb24d92ac8597d3771f59b5d0efd919d68

      SHA256

      406e3a6ff3216ae97ae7f027b86c18603cfd594b61aa51f716121fa598bd3b7d

      SHA512

      2730d03e816292c9fd98b90f8471ea7d40f19a5a06a6408fe127a754c3e138b5ae0438b2f10dcebafd6e83b9fae21b34f24ec6d3254e7c1b7ff08c9c0f753ebf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      236153a3482e443b40dde6d49fe6d4eb

      SHA1

      de69ec6b15b416e78d12f7ce6e3dd1534fa314d4

      SHA256

      7835fdcf4447c425e4f9d5bcb952f2f418e15e1960ed3dea76ea63c558ecf2d0

      SHA512

      1c6b4db1695222682feb71a0e5e87b441544f89e98b8e6d93f8a7adcbf17c1d4b5a95dd3e1bc373ed2875d22cb3ab976e1e9acfd68182a283eceaebac7ce9619

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      924cd17f52774be81dec1b8bae135aae

      SHA1

      84ad8ba6a060ef30bdae69565e9ab53e1c53f2a6

      SHA256

      376b4091c8a230401fb087f489e0a41d30e00dfaaaf4f9abed7d8fb8bd162903

      SHA512

      bdc382c981ce89beebfdf66df02f1e1b8d90e0f6372a58fd25078806ab1914f669b93e8713659a36212d315dc61dfb2db2c7a6ea8b1a1bdf757cb7ef04bbe111

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab366D.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3750.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF688ABEBF5A218A78.TMP
      Filesize

      16KB

      MD5

      68ec02cc4861593e6b27b45db04ff108

      SHA1

      5dfdcc2d7c8ef9d52e7b0418474d9d10b71d5ff4

      SHA256

      8b9497425f42cefbff74fdfe9a8106326da94c2bf3da4911559f85a7aa35dcd4

      SHA512

      82941b30fcc5a604fd69761a50084a9beeb1a9d1c04f8b5264832e54c205cb3fe482a9b33053485d46df37d157ba187a36f2cbbdb49f87229f379f1815815e85

      Download Submit

    • memory/856-1-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/856-9-0x0000000000360000-0x0000000000362000-memory.dmp

      Filesize

      8KB

      Download

    • memory/856-2-0x00000000002F0000-0x00000000002FF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/856-0-0x0000000000030000-0x00000000000A3000-memory.dmp

      Filesize

      460KB

      Download