Overview

overview

10

Static

static

3

4bc7d5b21e...18.exe

windows7-x64

10

4bc7d5b21e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bc7d5b21ef3c73b7fd1bbc92d593173_JaffaCakes118.exe

  • Size

    293KB

  • MD5

    4bc7d5b21ef3c73b7fd1bbc92d593173

  • SHA1

    ed769cbb2d825b253601d28f51da7c6ee4a4c29b

  • SHA256

    4585f6882a3bd70bf7b2468ce35808190af34335eb0b37f477363bb2f4d52f12

  • SHA512

    a9a2ba2e93873ce48884712589a42f47817f4d4a054e4c2b892a9b2f98e1413524880c48ea3f617258c37b5d63aec959cfbf96527af5769ef53fe4ee60d9ec09

  • SSDEEP

    6144:TJ8mth3sLt+Aqj3FVzpe5ZFzbLXLe86HGrHnQ2Jx:uWJs+Y5ZFzPy86HOHH

Score
10/10
gozi3435bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3435

C2

google.com

gmail.com

tcolleen4463dn.com

v57zfvp.com

hateatate.xyz
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bc7d5b21ef3c73b7fd1bbc92d593173_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4bc7d5b21ef3c73b7fd1bbc92d593173_JaffaCakes118.exe"
    1⤵
      PID:2216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1712
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:352
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1980

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e38e6abea5d9c5a4d3daf8258f9e1527

      SHA1

      d0c76154809e7779a718a7feb4873e8dc2c5e407

      SHA256

      0d1e5d6a0128edb2a382ba5514950ef39e68dbb75126b64fa56ce5280ed5a707

      SHA512

      815e21d5f47dbd6686d546cc9de439bd21418ee0297e34ab78b5f2f2e0b078293c516a1b2e12894d0df44a00c7d12029eca535209ed4f23dbf9e33eb58ea4845

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a5e2dca2bb078b5b8fd55d3d92499574

      SHA1

      7a56ae9c5974d9df5c76540a4ca0d555d43b97eb

      SHA256

      524bc5a1d0f22e76c740d3f3392ac41312ac435fc27e7072c8b5714ec4e3aaeb

      SHA512

      0b62ad02932513009e685ed8088b49356d5838b98d5e91cb2e52e205c0472c681af924874b87bf8ccceb4b1cdaff95802a72e4040e19d9dc49518599bfab0455

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79fb8e31e6dbdcbea292a6287ef01dd3

      SHA1

      ec0187271e58b3c4fbfe4a510cc1e610c170e41c

      SHA256

      5bf083be66550606dc72f853bcf83de841d1767afd48b9cfe0d3fc1b5b22367e

      SHA512

      4e21a19d713fc0bc83560d9a294ebaae172a503fa4078d3a793a2b1507cc1a8ae5befc80cc142367024d7aed4e0a3ce36ed7a63e963cf35db3a7769fcb7f8397

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c4aa8c64b9b0891df64f7b6b4f1a7759

      SHA1

      cd9b0719e42aac5e2ca39f5dc85eeeb4cdf04bf3

      SHA256

      912febf0358f962306cd91a152ad444934a201d66968dcfb755c7d2cb8675821

      SHA512

      e3439334ee45779187e2f42d020fe5b79a2dd62c86e7cda5122683888a95f00dc658348d9eb93b7025a4b9ae2cf52843063e5eb0406fd57072bb631f69c66823

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9275daa4862b1b82be673e9ff3084e02

      SHA1

      ab71f49d939b3d266da341ab13b59a0880af3150

      SHA256

      e9689d1e3549bc667110802534d31bcb78cb0234666db7e576f644de33a5f490

      SHA512

      6378a450eb0a33780a833542755adea4a3548c050b0b49a1683c5173dc95289d96bd0b339025d31ffce08492d5cc5d8f870eafe9f022327c5a3738fa0ffa0271

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8d110e656091b5eabb88fa3399da60ed

      SHA1

      fafb3244d251bf850bcc813468b310a7fd7f198e

      SHA256

      7ff5da20246123de4ff8c69dbc4032d30a4d7bb23e96947b2ee017e5e4013e6b

      SHA512

      eee496912aee769a92928baa703c413d1c3c1def104627bbfe1ef2f2c14d64bb40a741b3eac05d90aa137c1931cfbf465625d8f29505e118c2fdcbcdc0e1af0e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eabb8ae45f35c4fe52774a5a99ee573c

      SHA1

      9e42aa7ef2db73216fae13d2f7c109fc454718a5

      SHA256

      c1df48d1c8c10c504419183259e8141d752ada87097e265ac084621283b8ffe7

      SHA512

      585d573a0e6dc2506d0b4f94f3a7aa3b86a758887e34fed0051113732d6e413e724144aa9c4c02f877863614c807c8b54d4d0678a47acb6ef9ae2a544645fc5c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e46270490546c7b5fa4764cf75880890

      SHA1

      4cdde4e14e7c7074f6873a2128d34f7ebb8ce328

      SHA256

      a38ce668b1e94308f110c4ce15d2a9cae8f31604acb9c799f5f85b6f90c0d9ff

      SHA512

      9953a6ddb140966b6d64d48c7472dd932d04b8764d09ab617659d388b66b98bd28eb956ca8fa32660e83292d8ff75d62c6896cff4593592a007da8e21a357b5c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      953da83ef3083a6aba0959199883fa01

      SHA1

      0b28261ca88624e1f2710660397408925e05935b

      SHA256

      a16819afe9230513a6800972ac0ab69c04a49b27731729157da9d83eed9722d2

      SHA512

      77c5775e4e56568e5a4da0e329c1666ff053eadbf37cb9f1ff28b7f265990c7184338521f72c2a043fbac07f0ca01568ebd6306958625a5c0c909490f43547af

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabCA82.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarCAF3.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF80B5C11D87BD01AA.TMP
      Filesize

      16KB

      MD5

      8667c5c1163c881eb5d38ab17081058e

      SHA1

      53932bd4fae2b7510661ff1088245e3379b8acf9

      SHA256

      95a66afcc2f45c50e752b9857ab3e3613ead460325ca3051f81120a06b52a884

      SHA512

      b24c5cfeab6197e3b9e06e1a86d36f5b35e4d83039e8037ffebdacd51b4e3774d786e036b698956367fa0438a34a2d96c88576d1ac0bf69cb8a0502fd2cd1fb7

      Download Submit
    • memory/2216-9-0x0000000000290000-0x0000000000292000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2216-2-0x00000000000A0000-0x00000000000AF000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2216-1-0x0000000000090000-0x0000000000091000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2216-0-0x00000000010D0000-0x0000000001128000-memory.dmp
      Filesize

      352KB

      Download