Overview

overview

10

Static

static

3

612bfea40a...18.dll

windows7-x64

10

612bfea40a...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 22:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118.dll

  • Size

    118KB

  • MD5

    612bfea40ab2f0ae736b98e94b95bc5e

  • SHA1

    c95e8af48c7cd4bcc8f28583a2803eea5124b334

  • SHA256

    9fff8e2a6ec0b66b064f156eb829722576a3a3d64a2e77387e599477a55e53a9

  • SHA512

    b013da46cb3b34af5de8d1290ffe42ac9c6b3eec32ab7ab4234bf300c0530bdfd3371759fc9ec049a024959aefaf88578e8e2410a17e9f28ceba875533c16bf8

  • SSDEEP

    3072:5Qyynkl6uDo6e0swuPWDsQ4gBiMJJfqc6wVAFb7XWe8Wln9J:VllTlFLsxgBiMnCfca7Z5ln

Score
10/10
gozi7129bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Botnet

7129

C2

pop53334.yahoo.com

web.canoeontario.com
Attributes
  • build

    250154

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
rsa_pubkey.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118.dll
      2⤵
        PID:2264
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2200
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2324
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3024

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56f553c3665768374abaaeb725e4f1ea

      SHA1

      4922b240b49728f9a1baa453c045819211a81589

      SHA256

      7232e87760000480a584ae978ac5a25f80f0dd1ebf2f0555eb636a1223067b82

      SHA512

      e3b1b486b7bfda8835825704b3f01fb272e6d91bfb9e79cc60270ca3b67e90db70a8924d91739ee9c0abca33e73253a564c7faea62b539bdbc73ca9420c1aa11

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      18a58775eb63abff6ac35943a4f9feef

      SHA1

      4694989df5f9675d27498bd90f9318a0bfd4378c

      SHA256

      41d19b144a3c6405cb9dc5ede31b8261001d201ebbc803b57992ae54042e0941

      SHA512

      bf3836c2f771d9597a100d219650c26ebf748aeb5c6e512808ebb752d3b3b598726f48a7cb4c8969d1fa90914cf8f821ba11e65d1afb121c608695a53073d704

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d160d3510598c4ecda45666db8a571c2

      SHA1

      92006049b1071b79a0134f1146973388a11fadc2

      SHA256

      2621a01fa971fcd16ab9b553741d9c839aaa9af90eeca611af94b1a1099c1106

      SHA512

      a07f8cc52a4a0038c1c456fb03107f6e168daa328b6e82526db124ba846235f75abc3cb2f25fa6428392b8b0f9e95071f9df652b8758ef249b3b767b94f616be

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4ca855704c4d68127b8b33d44a5dd009

      SHA1

      f445b3eec772ef02705121b79f8f77c89f8c253f

      SHA256

      92ed41e8e1ed119a109c3e188931156c152f5fc1efdfa161d6f8cc89ab16f384

      SHA512

      70139d4f57f8f0b260c0b7c3dddabe181bb46cc7b18c72ab34bd9ab3f25137d5a2831206ac5eb1b5bc2459353d08a5881ac6b8b8d89e4ed786a0ffc2a608e0aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4e5de65768d77d562b8b5cea67588588

      SHA1

      865f324b69f54bb49cad48c19f7749c0504c82fd

      SHA256

      efcb2d733f0cbcae7c89a7686966c690872936f1098ed9a31685e4e7729ec44a

      SHA512

      2fd222d2b0a838eb1ee0bde3c6b6876b74a7f26545adbbd79fbdd13d80b19933f6717b23d338c44dd3e7dd93b934cfd13e6e6763c7ca720fd0346a8b961516a8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1aa66ea49c8d2a97422815ac81b57d7d

      SHA1

      2b9486dbf709df9cb592346df3fdacdac0fa99b9

      SHA256

      dce530e2a2398fcb103533170deb14089e6716a0b07330c879377d36296b7c58

      SHA512

      3efa138a15be445d7aae1d75b8539d7d6a37cb78c5a8b874d8022889efa20bcf90d9640eb0a5bd4a60bdf3c1350d181fa8460c6f40daef67e2e305985fb23156

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9ad63675e9582a7095beb070d3d8cec5

      SHA1

      260ef871002fe6d2f4c15ba45282427ac5ed816c

      SHA256

      c5b6b91885a5c76fd5d158399d95fab45d58d27c2f9689cff15439f0aa74da40

      SHA512

      f465df0f5c87bb85b7018eabe137c462c13beb831dcc03941a45080313b6873fbcf4a872fc08238be02a8f3e70b4ca84f98786320a77e036e344d4bef92a89af

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0102790259dc0623764d3e3d597cfd1e

      SHA1

      ee074c33dd70316b6b735661dbb6a53104456b53

      SHA256

      ae7c02794e86817fd5c6c30c72de19b0d80be380fd2dcbf1c3d2927a6dc8e960

      SHA512

      aa06d7b50dbdc77dc667c3678c20c63ee839648e9e88d650b805bedede57074475762536f461b06e2c27de718501c244bd1ba952978e1770fd32c9081bdace80

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      09033a5e83c8053ecd18c91a48f08db0

      SHA1

      06786dc93f580506ad6b554092dbd7efcaa6bb3f

      SHA256

      275979d5b89fe591a631d4685987caa500d39f0f4e6d96b7ec79958acbe62a6f

      SHA512

      34cd8cc3e580780684e7fb8b908035069d9ba00fc9ffaf3b81a556ca5550b0f6c8e3788c5239773dcfea09281860a0ab422789cb9356f9669d47f4eca81b66b6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bb65b568d0ed8b8a5bf0e5535b963292

      SHA1

      d77178ef3bbddb9d88f960a35dfa53e33ba25115

      SHA256

      b675590d731c9ca11035926d6edaff3e9c20063101e173a5f72428f7095dd855

      SHA512

      65721481464af1bfd547b213321650fa5ed7ff996cf9d0a805770a11be9e34a0f404a54a475e99034edda6b269ab3ccc17a4b8d4ba693eccaa10301648248aff

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7B6A.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7BBB.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF9E5FD407C7F32B83.TMP
      Filesize

      16KB

      MD5

      8cc4e0e8a15246301acaf65efda2210a

      SHA1

      4ef7e99bb1e0f402d3c8887aecb953c07499ea95

      SHA256

      883ea8b0b338a869cf92b4863aec556277a45ccbf534afff728504b7511519d5

      SHA512

      20806a7b83c15760ae395d9921c9439be4a4e0ffdadee6e1adb7133ee73c8ecde3ac3411ae0256129d9403991bc23b9c1e423d53135ae046fb9bf2b58326a5b8

      Download Submit
    • memory/2264-1-0x00000000003D0000-0x00000000003E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2264-0-0x0000000000190000-0x00000000001BA000-memory.dmp
      Filesize

      168KB

      Download
    • memory/2264-5-0x0000000000190000-0x00000000001BA000-memory.dmp
      Filesize

      168KB

      Download
    • memory/2264-7-0x0000000000620000-0x0000000000622000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2264-443-0x0000000000190000-0x00000000001BA000-memory.dmp
      Filesize

      168KB

      Download