Overview

overview

10

Static

static

3

595a065eca...18.exe

windows7-x64

10

595a065eca...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 07:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    595a065eca602e968cbc355b7d7bbd19_JaffaCakes118.exe

  • Size

    485KB

  • MD5

    595a065eca602e968cbc355b7d7bbd19

  • SHA1

    04920a67771d8c5c6d3ea141d46fa8d0d8553255

  • SHA256

    eb692a6f1563552ca072a82b9d23826b8516e94d49f5901866dd9246848d392b

  • SHA512

    0d8d1fa7d4b567e32422d9b2c4119d356768e06647cdbda8b11cfe3b317b73f029d15a0c804fc53af40e32688f404df700b0bc3b884a6ff924975239faa83876

  • SSDEEP

    12288:mD9UDevpMtdoe83GWLh6iVMGPMtYLwqYZy4e:hiq/H8hh6O9MtqHYZS

Score
10/10
gozi3140bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3140

C2

isatawatag.com

bosototsuy.com

atamekihok.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\595a065eca602e968cbc355b7d7bbd19_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\595a065eca602e968cbc355b7d7bbd19_JaffaCakes118.exe"
    1⤵
      PID:1976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2500
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2440
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2000
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2112
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:316

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ab4ddb6b6a489b34511fdc24a84554fe

      SHA1

      c7c66865244e7f92659c8a34d1e9a39442613428

      SHA256

      30f36fee29c069d53c6c55c59c373c02cf4aaea8f0ec8db043258f895a001d81

      SHA512

      cd1fbbff7ec908bad2bddee1a362b11cb667ead7003200242c17f2dc0dbca4fe3994c1586da7f3a61387de7ed4f1e1205bca5bd5ec8c24509055668260ebb0c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa92528383281b807f516e2b221a5c08

      SHA1

      763a2419cb197e1ef967da8dece9f738d3a647e0

      SHA256

      ed424b88f974612df22b0b00b737bb0924c02b7a5618ab4d05f93dc381fdbe26

      SHA512

      67ee0e2c2e6e98f109553699920830dc81481ccaf5ab17ba5b2e49131253208d4163d56fb4dac310ae2f4eb0598ce3a1999b46b35c081748eceb729887a78ccc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c2c7f76f9288f8423b7e1a18322af53e

      SHA1

      00434b1f364d436ee79c3c84813bdec098e080e4

      SHA256

      e13c8490a3ea0d3ce84cfa042670cb700d5d8979a08b7e56d62efd0b43729e3c

      SHA512

      f7ace7deea91db4035b9b1d8cb88eb2f6761ff9af402ab8fa000abf849941563dbc803ee6e13abf753bf3838c61cf8675414cd7c5cf046ce236eb1efff62844e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      90ead94ab8fceef553387dfeeb537a09

      SHA1

      c97acd126018082e87f8a9a9091b0218fdc2f155

      SHA256

      f5e1b7816d1c00639964f6cccb8ca7107cb6e578c350d50b1529254deca28e14

      SHA512

      2140f955ed5a97eb326c924bf6abb830771676ea9aa98253eba723db1834654d6c96a3608cddca51baa3c6919f9c9712aaaf1c79fb2d843b5d801ceb32ec65c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      044422d201e8271a93462c3c48273a8e

      SHA1

      5dc4961fcec0639c5eeb79e2c135be4c4344f3e1

      SHA256

      24d2e24f5924b87637bc71665ee763ecba1d47bdfeb2c7d6ebeaed35a7e444cf

      SHA512

      222daf7bf7200fd332fdff064c0134b1f3fdc03a753b2f6db04a311bc2796269311be1dd4a3a294f546e03acfd6a44f591c545f520ffbfc92ed99b0d0bc7f708

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1f6a6f1f47128cc2ae15cf12fd9e5a06

      SHA1

      b61aff359b061953c8abb92a6f608fcbf1781504

      SHA256

      cb98ae568530b17095c042ebd21fba0e14e813964e6f9ad887cdd633c7c15939

      SHA512

      9eda3e9d1004a60a89e647d0e8fee83dbd46a372f1a068327eb3e02acabd3592a10c12a418c5f97ffc35c6cfaf2754c66c95ecf272639b2b3632d4b43d644209

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      58300152fc2707f7a50f9b756020de86

      SHA1

      b15b895752fbe9b583a25587159a3ceced701385

      SHA256

      54ccc1779c51a91f0004f71df909fb7c1d46d8ad008f7afc4379c399d2e3f128

      SHA512

      04b7fa25b7119d8bc73e9341cd84f3a940718de9c6ba998214f9bc2a1fecb2037fdd3b4ccd293e9e7df3d9f2fc2737f902be980bd36e387707f07f467fe5b5ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      032ca9678f32b2bdd85766580a69bd0f

      SHA1

      1960b6c9abb31912511b513089e4a4bbcd6e4de2

      SHA256

      28a706e17cc68f61be66e45676502cd2a59d4494d43e21a8d18b2689b9d38411

      SHA512

      55db4b7c16b7b048f740f4b474381f6c62721deed0074c0b970526c997f538362ea65cb1607133319a4972d297320b3270090f5fe6a0b791b8726c4a3bda04dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79f381a541b4b202c41fbd5535ac2cc7

      SHA1

      3936718424f24ba9842a6a6712f1d5a11634dfb5

      SHA256

      d20330103b03f14963f173740f96bfd48517741a31290e1b41fdb3b83e42e1ab

      SHA512

      17314244507f0e8992265c6ec15226035a91d0c4d2bc3298d8d8c2fd90cac009330a43895d2f8bbc0654edb9617e62ba2f2bbdf223b2cad77fbe2905df6e0864

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAD13.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAD75.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF32B2B869BA27E27F.TMP
      Filesize

      16KB

      MD5

      f5a87e594e5f6fe0c0df6a67120b4c5f

      SHA1

      ca92d7e043712c9b6a7f06ef7824e2ac5d0e2f8a

      SHA256

      ad00b099b129478ffaa5bc2b20ae5479cf8dabb43b66efea2b15ff18788c1997

      SHA512

      40010de11ace34edaa9a7d0783b237774546f4cae765ccf15be76d8c8e056064361b2e54cfd7f1fb8cce8a24a9c6b503b0669e0388284102a08a61b727ead6ea

      Download Submit

    • memory/1976-6-0x0000000000300000-0x0000000000302000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1976-2-0x0000000000290000-0x00000000002AB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1976-1-0x00000000000A0000-0x00000000000A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1976-0-0x0000000001080000-0x0000000001104000-memory.dmp

      Filesize

      528KB

      Download

    • memory/1976-478-0x0000000001080000-0x0000000001104000-memory.dmp

      Filesize

      528KB

      Download