Overview

overview

10

Static

static

3

4f5b140540...18.exe

windows7-x64

10

4f5b140540...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-05-2024 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f5b140540f19f1bbec1378ed86024db_JaffaCakes118.exe

  • Size

    197KB

  • MD5

    4f5b140540f19f1bbec1378ed86024db

  • SHA1

    0e2be7fb2747d68fdad5f8c0d171f347601bd5bf

  • SHA256

    4526c11da57969e426061e372d7e467f284f600e8cab30f2334a1645485eb80a

  • SHA512

    527c3000d4d52e4190f29ea87f990127023e81e8378a667ad9fe56307a60683627850f3a39d6669044f0fe7d8d782680e3dc16f20a23803b2e3d07417b659c5f

  • SSDEEP

    3072:cWDdCZn+MHTptyZ1+5Ck15lxYY54Fp3QT2kZz2yDj0EQ8x7xSJM7UmA0ox6:cWkdVlS1oCPY5+QT2kx5HlS27Umg

Score
10/10
gozi3135bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f5b140540f19f1bbec1378ed86024db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4f5b140540f19f1bbec1378ed86024db_JaffaCakes118.exe"
    1⤵
      PID:1924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2316
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:480
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:480 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1388

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      64d9c48605e913e74d3ef8791eb02ea4

      SHA1

      40bb593fe72483e5959ad02dedb68cbd86694897

      SHA256

      9ff1d6e755a53c34407cbc7d88dba2bb7d35a2c35313cf594dec30915fd032a3

      SHA512

      6215d74b0942f6cb1107b847f4a9e7c34bebd46bcb2e7756ca4e0ea92f098572dfe38e9e6d10087e1d54e81b9e8d4b3958ae3a160a196c7ab08cec48c95a6cff

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1ba744211b8928cc894eae5f3c8829d1

      SHA1

      a52a3f671e66f497005ae81ee6952e5e7ee1eab5

      SHA256

      478568292e19edd0d6af0a7d85e25fe6a754a9b8aa465d387e50cf965f9666e4

      SHA512

      3c46fe40583a375900fdffb2ccb9abf1cf5da4ac8e4046683cc544316d587507cd32e055bb63d2983a00a261fe96fdc07df2f479bd086a8797c461ccdbb6cf51

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03965178502b690e59cbc95e14caf341

      SHA1

      58df25533da7f15ed6572d3d771940cc76f484ba

      SHA256

      fba0c2ab4cdb26dd33a0577fd925d9edb8385c5b32a9f587d633f163a7dde341

      SHA512

      365a06798c693803d0b20c89c7ebe3112a65d1792d85c8b40e03a14906eaeabf1da8203bff0efb1c1dfc2d70de2fb46b80490cd7790b80182102805f41b19018

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1bad476ee5da492ed59f596fd3414fb4

      SHA1

      8eda79a4a4c4805805dda64b511d40d7d8b934a7

      SHA256

      505de11a7fa04a0210bc21f6958a1cd647401856ce0ec51dbd722d3dffe20397

      SHA512

      fd02bea637a7e5ec7adeda7139ef47d9dfc6c669eed36042665988e931555f5f6980f1701b031cddfc670c72fdd2e2a2a6e7d71533b29aa98e86d4ee653cb23e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a70c9f5dfa98625676a3c712ae0f413b

      SHA1

      0c33d61f2d964c35187f1b591853a46820e26c53

      SHA256

      63fcbef7e4c4949ef1555a3f6605e066dc679f159772c82f2064b19a59a6741b

      SHA512

      c33a9584eab331a8b47e98dacf319f6dc8f60d533777fd574ed9dbac5752059edfdde66d3873b8b01d1bc446d52a8d2715c493b46d7a8e21d1efb0a7d71d6288

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      21a5c1ae3df12599b57265c2bd19282e

      SHA1

      0c71ec240f266b493785f11b40454d077f19d797

      SHA256

      bc911c951328f0e25a1c8f16a70ed5eeebf631c335791009cb0c1b9a41eccdb1

      SHA512

      02ebafe2578c4841be75d3b6e20499ab863f6be13fefe605efbde8021b30743a530c82fa39212840b47d18b9bbcacfe7dd90f0892b5cc05c8e7155929b7dce12

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1501ecf1e6bee15b50c4e92fac8c261d

      SHA1

      9da22f47afab69efeb63c1427233eef7ea859347

      SHA256

      1292c3d89949e2b003ae49f76960a7d2403b4d4f36d74e7f38688443270dc2f7

      SHA512

      07a45ae3013c513b1a5cadf5b4a79831a093720b7bf1ef582ca6ce32d8519059e3bfba87d63a3747a622128fd5855c35466f6a22d427d56c235edb0e7b20c412

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8D34.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8E45.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFCD8D06434112D3FE.TMP
      Filesize

      16KB

      MD5

      e3577ef341d526eb53b1907352c546d7

      SHA1

      f514a8713111671792b508a452ea0e0af6f47d0a

      SHA256

      b878641a391d2d4bca95e79ea9676f4d1f3338070e48a1abd7e0a4c71478b327

      SHA512

      3ca064db72ac783a43fdefe238ae141228b6dcfd066553d650975097e6bea5ae0f97da9ca185c8e4d4e1050f45e64ac246d7a9e22582ebf20c1a035aa2ec3c07

      Download Submit
    • memory/1924-6-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1924-0-0x0000000000400000-0x0000000000447000-memory.dmp
      Filesize

      284KB

      Download
    • memory/1924-2-0x00000000001C0000-0x00000000001C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1924-3-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download