Overview

overview

10

Static

static

3

5333a80280...18.exe

windows7-x64

10

5333a80280...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18-05-2024 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5333a8028037aa7f930852656ebe1ef5_JaffaCakes118.exe

  • Size

    296KB

  • MD5

    5333a8028037aa7f930852656ebe1ef5

  • SHA1

    2ac783c46074084eef9d4709e6d988870d2923bd

  • SHA256

    664ea322e6547555932ef477e03fa5b953ec980a4ed4300fd91d8fd86a325e09

  • SHA512

    ace591f9dc7a1cb329c0c813e431f88e0f97644e252e81a1069ccde9592804247c444686d85cd71f3adbf1ac2b2d8d14d8129052991e5da0c524ec4a166f9ee2

  • SSDEEP

    3072:zbwmc9TBhxwFKZGWmk7XUzlvxHaQKA/2NND9vcJHCzSW2rSw+GAqYq:z3cxBoFPWZwxxansY0JiOraGZ

Score
10/10
gozi3537bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214107

Extracted

Family

gozi

Botnet

3537

C2

gmail.com

google.com

fjavieryvette94.com

wk1122roxanne.com

gs85elmoreobs.com
Attributes
  • build

    214107

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5333a8028037aa7f930852656ebe1ef5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5333a8028037aa7f930852656ebe1ef5_JaffaCakes118.exe"
    1⤵
      PID:2880
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2500
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2592
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:288
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2ed2ab69daf50dfb8bfe8caf70216a1f

      SHA1

      d1f2ce482dfccea4fa8b1d9bb8d527cb4db2043e

      SHA256

      38074ea2eb7e859652d97ca9ee656de2fcc82a8c0b5f1c6fb2f18de37c78a284

      SHA512

      3a020bfaddf317a17982347ddd903e1b43982923a9c36d02542d243d5c4419c549bdfa50caebd56df089989dac73cc370388ce8656046d6116541d617c78ff38

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      70132b11713c2ab4c74d8cb6f80eb0f6

      SHA1

      571d51e394845a4900c3455ac2e530e6b8908f2c

      SHA256

      53b781517cbda736615c729440b0e19b954f7b9e8f46a1c7f4cf3f1209cacea4

      SHA512

      c23c0b9b9a4dc6c678634c0bbabe7e155415814ef851c4332a4a8de908082460e41b7a7ad5384a820bccda7354b169b96330fb6ba344b885c4e4b8a83c541800

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2015e9f2905638f73ab001e1df9de0d2

      SHA1

      1432629b9321ab33ae7868d8991fe5c1fadb86f6

      SHA256

      9360e6f1c106e95b9ed1c747bc315674c8623b46d424b0b06a6fc0c6773b972c

      SHA512

      d5b2ac20c6cff7d735c63fd8c1f345edfd72ff42b669693f7495ac4fde38fda0a6d2b9d3e20dee189a7dcd24db9bec85dd0257d65d9db7d21476595ec08ab30b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      70ae76d4211c2a0f2aff1b3a5a8c9d91

      SHA1

      fa221d7179ab9218d1200be8626c46c3ad62f953

      SHA256

      76eb5f7da1f3925dec1c6407c51981ce72be5240c236f45220b9db1ff251d994

      SHA512

      4433ae113131b962a46220ab0e1e24fe2a185cc20f7e6ee45694591ff11ac837b782eb859681799528719f25ba32d9358f12e452529606248f6d5728eaa1c72b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      831ab331b7fe5c171b721869551929fb

      SHA1

      8e5580a3da89aa1d5cc28dfb72362da04c3aca8a

      SHA256

      0e0f5e4ddd7ac5798c7120f275aabecd699145508f8146aa9629deb9ec41648c

      SHA512

      e8b1cc29b33566e1b84db08c3c622c898c1eae4a75848a95bd4aa752df25f763731c4c778fe8b2232c839bcad8218d9f3bb078d600a8d8b8b23d44cceea84188

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9ac9136508e3263ee00d0b3b9e1f1216

      SHA1

      931efc74e99b31ef0d55098d1fdef3718d6c57e3

      SHA256

      5639b8e2b1ce9184449f07077826fa26d006cbf6711deccbfed142ec4870280b

      SHA512

      d5b855f821e1271decd4c2b875c767295634552bd2d41f01b0c1c6f0ddf03b7f576d3cc0db2dcc0331c079e3afed9c22c0b548cbbeefc8af6953bf6f6669c777

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b4808e452278153c30304d13774bd0a

      SHA1

      a3d6d2c51344774dc3b429127a8faeea56ddb51b

      SHA256

      19713e8c690b99e90d6ee821c1be763e1cd3a45a8e615324189d4fcd1f3ac155

      SHA512

      dbaa5e8f7c931c99107a27547b8c7c3c7831a9738e0e05d522827d837dc2d7e53aace5ebda2573abbb75e43d3c1bab246a92ab8a57168ffcaa96942b2b5394ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f18369a85a9331586b6704e81e714f20

      SHA1

      8a5bb13b34d493641aec9367a08cce16590cb2b4

      SHA256

      a36eff5c329f2a38b359a693373c798fa393da307e8b61cd913f055f3f6a5d66

      SHA512

      30d868637755e96986488449ea1bea07cd5b4dc975278de32109fa00b0b0386286247ad0afdf3bc3284154c01a95e394068b5d5c86b5f681f73cc83086feed23

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52a11b1b3528c105d3d5f5a33c3537bb

      SHA1

      9c7337f3ba421d505cf19c883bd5d802975ec2d5

      SHA256

      d58383a8ab24da95684a4143ff61e5bf9c40fb76ce2e48599e936d44eef27057

      SHA512

      724dda2e596bfb207daab03b6f04b75ffe6fbe01ca1cf9483308e6b0a59fa8dcaf9b5e76b0c23b179ab54c2f65ad12943200c54b52441f840176f10989fa9bcc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\googlelogo_color_150x54dp[1].png
      Filesize

      3KB

      MD5

      9d73b3aa30bce9d8f166de5178ae4338

      SHA1

      d0cbc46850d8ed54625a3b2b01a2c31f37977e75

      SHA256

      dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

      SHA512

      8e55d1677cdbfe9db6700840041c815329a57df69e303adc1f994757c64100fe4a3a17e86ef4613f4243e29014517234debfbcee58dab9fc56c81dd147fdc058

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\robot[1].png
      Filesize

      6KB

      MD5

      4c9acf280b47cef7def3fc91a34c7ffe

      SHA1

      c32bb847daf52117ab93b723d7c57d8b1e75d36b

      SHA256

      5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

      SHA512

      369d5888e0d19b46cb998ea166d421f98703aec7d82a02dc7ae10409aec253a7ce099d208500b4e39779526219301c66c2fd59fe92170b324e70cf63ce2b429c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9E64.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9F36.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFD1D60DDD9D9DD35E.TMP
      Filesize

      16KB

      MD5

      aa048f9af219a09a37f9945b6ff139ff

      SHA1

      ee08b184e564c0da9f96365bd266b48c2c2c5ef0

      SHA256

      499d21f8be7da9a02a4555024aae7ce50c16f9a54ee24dbba2ef87c1d308b266

      SHA512

      1a0000f560fc4f6b7a2ae6091941b190b47853696b92184b0219b170ae7d6c9247afa81f31f3fd093ad3dab4a73bb7d82e921d391840f481dafa40b20370fa8d

      Download Submit

    • memory/2880-2-0x00000000002D0000-0x0000000001323000-memory.dmp

      Filesize

      16.3MB

      Download

    • memory/2880-0-0x00000000002D0000-0x0000000001323000-memory.dmp

      Filesize

      16.3MB

      Download

    • memory/2880-1-0x0000000000310000-0x0000000000314000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2880-3-0x00000000000F0000-0x00000000000FF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2880-491-0x00000000002D0000-0x0000000001323000-memory.dmp

      Filesize

      16.3MB

      Download

    • memory/2880-10-0x00000000002B0000-0x00000000002B2000-memory.dmp

      Filesize

      8KB

      Download