Overview

overview

10

Static

static

3

48f7efd2f3...18.exe

windows7-x64

10

48f7efd2f3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48f7efd2f343bdd050cb23d3f9180a8e_JaffaCakes118.exe

  • Size

    455KB

  • MD5

    48f7efd2f343bdd050cb23d3f9180a8e

  • SHA1

    d3dae9aade87fcd3324fcff97d951ea5ae512b5b

  • SHA256

    d210d7f79135d554ec4ea11a3e193e8bb05e6941598c99c59705bcb3068898d1

  • SHA512

    77ec6adb21a9148065d2dfda65aaac2acd814ecffcaade9cf2038180f88b3915f1163e327d40ad69ceab74f847b15864349c8aab7c8881d57df8d022384476f6

  • SSDEEP

    6144:pk69oa2DnZot8e/toa/YhFdNtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NQH9dXRgw

Score
10/10
gozi3183bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3183

C2

v99jarret3287x.com

huymireyai.company

so64a92elody.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48f7efd2f343bdd050cb23d3f9180a8e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\48f7efd2f343bdd050cb23d3f9180a8e_JaffaCakes118.exe"
    1⤵
      PID:2444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2524
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:448 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2284
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2128
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2504

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4d63206a7a8219d199df63dd11995cbb

      SHA1

      573f6351adaea00222f276fd192bb6547ff067f2

      SHA256

      4f3ea5e5f0dd1bd4a5d3ab9137dfdbeb2d8c6b58bc29426355ff40c56dcb872a

      SHA512

      484ed310acacef6700a2e882bd41a15454d13f92efe826d3dd782c5b21f1fa6762f0b058cd074cf8acda1344c69ae186b8d1f54c224cb08890aa90478a102553

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f80d3580431863e425e898204e6f781

      SHA1

      018dec4f732ee053d9c4f52efd7f665dc7e40381

      SHA256

      b3a2de51b0b8c3bc9608fb0325201a5969333a8c3543f3f30d1189fba68fbc13

      SHA512

      669b54fe3693735f181a8ea827f0a37639ef1e760acb4607c0f4deb7e03c0e354f53414f8787b469941a384553b9eb1de04e3990e6379bc89ba714436d6f5469

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bc3ac3e4e40a13ce7a360bdb7eebe124

      SHA1

      d948d2cbdf74adc4fb929b064e2fc723fa559061

      SHA256

      b8763b1646353f9bb652ab1045c6ecdc02d223078a7bcf37bb2bae653393b900

      SHA512

      b27f76dea9c08b295849f49e7926d20ca5c210c790ac1cea74649217301d319bd9efc79c38e8765e7e0c2495e94d5bd68029a20b629b143d7c1d69eaea7ff9f5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6f99eaebe704f655c86cc51ef1c34b13

      SHA1

      aaf431aa8e31fdf1bc77f6aebf85f6acbb95c3a1

      SHA256

      a1e5a4feef0e4e0d62e99b12d77c0d0d725f28872f50305256098371ca7c95e3

      SHA512

      941c9095d9b9a37e826fe9c6ea4f63b9a60e90f363f3467a96c6f9bae7c089370d997c868e7124a9ada52e73dc6b7e8c8469dc0e446633ec1fe91712fab7663f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f02ad6c982db44bd0b72f458ca683e1e

      SHA1

      b556955d4efbb8ba6d9316fd8917a7ac9e2b4cd1

      SHA256

      abd219cfc54d9bdeda22208acf3d20ad31c553f2ba093d3a04be03ea5b46ba29

      SHA512

      019a3704de0d564374fa10c709e9b706183fcb651643ef04cd3d14547f99943bf4dbb709e06e2ad98a11edb9868ada38e91a9f1fec6053d3f43cc25520c47c53

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      219eb03064eeba9913464401974cdf68

      SHA1

      8a96ceda2d784bdba72d6a4d36d0e9b4729d59a5

      SHA256

      e8c68765536bad35583b5422fa90d7baddec8beeb5660d8d9277748f609e9bed

      SHA512

      96a3d9af86c7d3a14da08a1f36beca2eefa50a59e4fa486769da50f15599bc3f1cf4e79386e283201d11135731d1e1f708801b6e20b7b93d22840e4665d28405

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB84A.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB88C.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFE0BE6A31A4C638B5.TMP
      Filesize

      16KB

      MD5

      489b5a477cefde8f4b5997d58390d952

      SHA1

      ac0c0219a966f9c43083453363863696d323b32b

      SHA256

      76698d4d08d37430eda97f03824143b03cded03934f37ecaef3aa4b99ec16a39

      SHA512

      aa072713fdf9ee48c1d0fdac5c527d3c0daed27ddc3d23b1a7a495c85757da25df5960c9480901e14ddf8558b303522f7b9a218fb4bec080868d6336bb05dbc7

      Download Submit

    • memory/2444-8-0x00000000003A0000-0x00000000003A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2444-444-0x0000000000E80000-0x0000000000EFB000-memory.dmp

      Filesize

      492KB

      Download

    • memory/2444-0-0x0000000000E80000-0x0000000000EFB000-memory.dmp

      Filesize

      492KB

      Download

    • memory/2444-4-0x0000000000280000-0x000000000029B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2444-3-0x0000000000E80000-0x0000000000EFB000-memory.dmp

      Filesize

      492KB

      Download

    • memory/2444-2-0x0000000000EC9000-0x0000000000ECE000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2444-1-0x0000000000E80000-0x0000000000EFB000-memory.dmp

      Filesize

      492KB

      Download