Overview

overview

10

Static

static

3

50c687ae72...18.exe

windows7-x64

10

50c687ae72...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17-05-2024 18:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50c687ae724cdeca291a8b22afda15ea_JaffaCakes118.exe

  • Size

    139KB

  • MD5

    50c687ae724cdeca291a8b22afda15ea

  • SHA1

    796586343d53717f48425d85d6824b30576cd139

  • SHA256

    4240b7edc1481025850135770a0309c00c3b282312c7377687b755ba1983881b

  • SHA512

    81dafcce466d729b5356515b84bbf7fdf69470258797565cd88bf6e5ecbe5d6098606d55106b8a9dd251645945bd0f90593e382b57e5251b9f7893c54e5900c2

  • SSDEEP

    3072:K17ujx+j3Y2QoGRSd7I9VvB0i+Enq5L0pq/43M:Ktu1+j3YJ1RIwTqL0c/j

Score
10/10
gozi3134bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3134

C2

zweideckei.com

ziebelschr.com

endetztera.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50c687ae724cdeca291a8b22afda15ea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\50c687ae724cdeca291a8b22afda15ea_JaffaCakes118.exe"
    1⤵
      PID:2196
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2208
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:404
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:404 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2476
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1860

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c50b55f176bf86cb9420a5e1b41f1cf9

      SHA1

      9d57d40d3b5994f3d9b45c6a4939f7dc354d7bad

      SHA256

      ca37bb4872fc6c0ba2ac3036a668b295fc7098c497ff7bca72f76a3b6e1a34c0

      SHA512

      f68328f44de7ea3032ef1efa2bc67d46fd7c5b5aaf8952ff9ec28c0248458ed55f3cff3635fd37fedd1dc6b80959b11b146d331ff834a188b921e7ce90cb2a9c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      36a009207dfa54fa1c53f0b0031fa9ae

      SHA1

      1c030ca97e13432273248fda5dd228259272221e

      SHA256

      886b377641873a0a0c11ea08fc7bd3f1c5344de7bfdbb7831d93e7862ada985c

      SHA512

      828b8135259d97d709c72438cf96d4b6b099e543dcaa0b9ba9b600c52c2f316ba54469cb2bdf407a9c0c1c6c98276fe07dd3ca3e0e1cb1dbed5515ea5d597945

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      05901f71bdeb118e69a43328c7c089b7

      SHA1

      9b95c80bdf24a5ac119ab58646f9eb1223cec401

      SHA256

      24435c4006d357b5b9c895a423a94a7c635cd8065df2be7be5a717ff341d0b61

      SHA512

      d2eef55686f76c8a5cfa67439373cdf8227c098d21ba22163e6792422068aad5ef4d0bdde22c66d4c0e648a8ad8b57250a8bbdd92e10a1b3f10854cfefc2cd04

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bde442a7cbdb7bb8d1808b2934a73361

      SHA1

      bdabfc75435754959bb9528b8555837858c2a193

      SHA256

      4fb23fb03a7219c93b83fd2c333d761b3b91d633fe3e5a28bfe6c8af6eab6be2

      SHA512

      76b0e011e009b13bf0a7bab29a679d734b86101cf74e19e7b8081e5353e5b5b76799976f3090fc0f20af9f61e148f26eed916d849f7a20b2aab6fe4dfcedb4d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3c9775cddba208958d03a31b0db8b9a2

      SHA1

      57d64b5ba8f90ef25373ff130f607e5ce9735564

      SHA256

      8109dc304404a5cb0424d84abc1669324e9402b718a712a433c928f74d79469d

      SHA512

      e94bea07451c04fa43d1e26656ede7dcf6c5d676e4b387cbd715ded6b1b2a8cc549991da302feaac58072486eab10cc0e3149f709ec5b3d57259dc31dbbb1eda

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fbb68603eefc490b56b4e9454c7fa977

      SHA1

      e047fce96591cea87d1070d710273971a218a12c

      SHA256

      ed9c9feb184476f3e3449b5051045bbe3d412895f7184dcd823911a70556581b

      SHA512

      7ac9bb40eb6525c5579b6cf2bc5987ddae2502d5718d6d0036fe2d2b3ea41daafca2b55b9c79627c696aebb9cca3307330c9ee8c4b7e0210d4442169dd844abc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b31565768aa14d675d178404bc0e6aa9

      SHA1

      a40c099f6e5ba75aa80f1571c4076f40b1a108bf

      SHA256

      b8549337dd638ccfc3b646fc2af93497f01e5f7a580d3835a599b4408921e423

      SHA512

      48261afd9ff08eb42fe272ce94807cbf1708f66c054f1d69ef694a875f84d641ed93ef47ff205e1b514605366073ff5e12341949ddf8ffcc57795d858d47ef9c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b98406095333e5e539ef7cffc6bd9b6e

      SHA1

      ec0c001d0c084222f2d8da3f9e079543e7c06802

      SHA256

      d9aa06e41c234650ef77d6049fa02cce7fce45a4f8341d4636713560ba7996b7

      SHA512

      8fcc7f368f179040752c5f9ae0512e09f7293a146c6830626ad1bb09aff2d0bb03db14fef1d139d137535388c191880f396ddaafb7ceaafa6093dde89c0d71ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2b0bb17e560e2550cd225fbc805b0977

      SHA1

      59ac337e5c215f01f830419b361645d67f958a5e

      SHA256

      88117ae4ae365790fdd454f9d8d8565a06c554c8f3d1c65045a0575b46f66f11

      SHA512

      77b3455abb91f065b2840c85e7f0cea52fca48fbdbc814e0d90fd98a8c9a2fd09712cfd182eb8906b81d75130f36fbb474bde5ac89be1bc228c28afcd7531ba4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e0e0c7e308032127004b361c1310fd57

      SHA1

      7ecd7c5f3e36f90eb0422a08163fb41a6f6f86e4

      SHA256

      9edbf209eaa7e417bf9c23e41207af702a255d4b174a6ccebbdf3bf168d27728

      SHA512

      4bbaabab7cb178dc8a15d904b3dc32252b718643a64727c4c2d3a8538146b89ddb5cefc427b46267f2c06223ce5b5ff00253fb5a9b1135f32b99c79d6e764f70

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      979b5cebe5c3910fec48343c50bef12b

      SHA1

      56375643f6585ee76294cf6fe77d9446d4d32f30

      SHA256

      9bbf4c1bfd31c9f99f0591570baa427ad58448855dc6660ad9b00d6fc11ed857

      SHA512

      f7f17b9d730953b3299c35c8b7d78473e656a36a04bb778dbf9622270a51394698406c19690c164b7c4eb26d2fd19ef29bdf67d93009a705392a3408729127b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab97AE.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9811.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFE8C5F9AFFFE6978A.TMP
      Filesize

      16KB

      MD5

      c5dfa688c185e958dd93a6d60058ab74

      SHA1

      ab3b316137cc0c38e836aec04891eff5912cb5b0

      SHA256

      e4ebb38c86c7ebd099e7106dc53b8f29e54252e07f63bba64ea5e79d0c17ea55

      SHA512

      6ca6837a0d55fbbf302f44cba887e7d21bd6676f5aac515d6ced3e088970529fe40df3a40484b08dd82e31bb8f1294c93905bf000ab19dbe74f291774ea581f5

      Download Submit

    • memory/2196-7-0x00000000002B0000-0x00000000002B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-0-0x0000000000400000-0x0000000000431000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2196-1-0x0000000000400000-0x0000000000431000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2196-2-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2196-3-0x0000000000260000-0x000000000027B000-memory.dmp

      Filesize

      108KB

      Download