Overview

overview

10

Static

static

9

5c68509a36...18.exe

windows7-x64

10

5c68509a36...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c68509a3639597d71dc6116809cb8bf_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    5c68509a3639597d71dc6116809cb8bf

  • SHA1

    48c49bd29cf28841cc8427859985c46295948d56

  • SHA256

    16f375a6bb944b98f52672fe74c3fbda55c92bd1ddf03355640d401e3f3efd7e

  • SHA512

    a3236a7e57107ddd3b07b393139a74a574d50b344c40b17e3b731738f3a9e5324e6e4c5a649954577d8d874b6b975c957715f84482f6c8960810d5c23665da16

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c68509a3639597d71dc6116809cb8bf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5c68509a3639597d71dc6116809cb8bf_JaffaCakes118.exe"
    1⤵
      PID:2940
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275465 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2700
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2252
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
        2⤵
          PID:1700
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
          PID:488
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:488 CREDAT:275457 /prefetch:2
            2⤵
              PID:1828
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            1⤵
              PID:2892
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
                2⤵
                  PID:1048

              Network

              MITRE ATT&CK Matrix ATT&CK v13

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                Filesize

                68KB

                MD5

                29f65ba8e88c063813cc50a4ea544e93

                SHA1

                05a7040d5c127e68c25d81cc51271ffb8bef3568

                SHA256

                1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                SHA512

                e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                20809e6e8a734d64bba09f71e6d5766c

                SHA1

                f503a8614107aba9de8bcd4a991615fa5cb47c86

                SHA256

                65733f97cb4d82b69dca10f9044f0ddc570c9883730fcb0c1450cb42ba8ac028

                SHA512

                d7fe952e00fc96d3fdd2dccd90bfe5eaf056e4363e146aaa40d67a3b429a848e12180fecbb2ac7fda9d3e6a0bbfd17621c5683c03ef58175fb139b34c14c48d1

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                3879b4fec84556e7e4395dde22b462f1

                SHA1

                eb7e303adfd394c7af27808680c2490595335df6

                SHA256

                601fd579a20b1615747b4ab1922f31c8fe4541efccf7b8e31f46ca1428641cda

                SHA512

                aadb52d69cdd45348c914733297cdb1aa64ab8b784c65f536fc4a9b15af910e555570ee40650dd97a7e57fc96e285bb75446e642184375f12411ea311608e8e6

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                8d6276b422d51186b592037d30bdffda

                SHA1

                ad7fd35357afba0dd586d216c09f2fecf445177d

                SHA256

                1d4712da1baef1aee6a306ca77acf24b9e450ef08b73e1e46c07cf5837efe139

                SHA512

                0fb532b28a3eb53c9d22bcdc85dcf352656bf20ce7224a23c49c255c9b494c3f259b8019b9cc73546b88e8e271fb2ddd81760fbebe809163a7124170f9a3e947

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                f77b50307fcb8273fc682d5fbfc93a21

                SHA1

                a7c8accae6f5eb68940e6568d8828e2fd2b81317

                SHA256

                1ab7826e722c34b8eade07becd1583317c345a082632ec31734d164e098eac76

                SHA512

                10a03615320ee7f48ab7e2f20dd982caf04ebf84e0ef6df2f8199384122beb4f076e2c437557985651b0b3055a66ea859f1a1b952fbc9d58c0df0f6cbe883d5d

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                5c6c1739ab87f0c87d96d2292799e7e7

                SHA1

                a75ab0cde3e802932b036d022ccd3b0d4c283ca9

                SHA256

                757e176853c9279444541e6a2e9ba7b315f96c17e6c2b905b66a10b61f0c8065

                SHA512

                19082673ca569fda35029f80741c0dd46663ce47e061800806a6ec70cf07d55c3256f1b4372b91905894b9d4905ce142306726c1f542d8520162b1dac7f7a9a5

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                fc1bb571bb169450ce0667a240de3eaf

                SHA1

                5bfb025cc33c3d9b728eb95d5dcb09915768541d

                SHA256

                7ff185a7cc5ea3117156788e60d379ad2041c4c6f91390ac8b30645ac390f943

                SHA512

                1f76f2ff3466585309f72340946aeeaa5744b0d3bbcf4da264dd43071bfca32a1f5738c3c8149d84f2ab7dd3d48e58f041fa72432ca6e8cac719149c9989d065

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                e05e656ef6a05d24f37392258e5095e5

                SHA1

                bb1af3224f78c42ef400d5ef41ef5fb6fe15a40c

                SHA256

                7a93912c459a21704eee4f91a2f536d87c47627dc71bc00193e1db39dd1412b0

                SHA512

                fa3c0051ab2ceb1d95a1a5a65e3e9793400c21785e79b5993f0ba9e0fb23337f3b7a39afaac051b5e9b0c0a7b5554d83f25ce5b10fd080c5a1ea0e3b239adf2c

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                edeeae97794c230e02825ca57627389b

                SHA1

                a45d85228393df32ae26b3eed122cf5f613c179b

                SHA256

                47cccd7ae422d66cafbacd1f302c7dcddaabd22bab25bbaa2d53f09a94bfe909

                SHA512

                7d917cd51776deaf598cb7e87abf2d5d16d88e8174599aca053930d394a8c46b55a13540f24c7d90143c841a048435218186c6b7986480656d6b2df575a16c9e

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                dfa75da644c5aa2ce2b72362745adbaa

                SHA1

                0fb99c510cdb577573a4be1f765ca393e124446d

                SHA256

                60b40331525b767124eb4f3213ad030bde878c5b4744d5fa200111e8c9962785

                SHA512

                a342678432885a6ddcb812681cec6cc1844847d5dc1abc53a4a3b9d47522547d51feb295818a1a6f4142b33729eaf6f5579229d9841c05d723e6f1277f36819d

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\dnserror[1]
                Filesize

                1KB

                MD5

                73c70b34b5f8f158d38a94b9d7766515

                SHA1

                e9eaa065bd6585a1b176e13615fd7e6ef96230a9

                SHA256

                3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

                SHA512

                927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\errorPageStrings[1]
                Filesize

                2KB

                MD5

                e3e4a98353f119b80b323302f26b78fa

                SHA1

                20ee35a370cdd3a8a7d04b506410300fd0a6a864

                SHA256

                9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

                SHA512

                d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\NewErrorPageTemplate[1]
                Filesize

                1KB

                MD5

                cdf81e591d9cbfb47a7f97a2bcdb70b9

                SHA1

                8f12010dfaacdecad77b70a3e781c707cf328496

                SHA256

                204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

                SHA512

                977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\httpErrorPagesScripts[2]
                Filesize

                8KB

                MD5

                3f57b781cb3ef114dd0b665151571b7b

                SHA1

                ce6a63f996df3a1cccb81720e21204b825e0238c

                SHA256

                46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

                SHA512

                8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\Cab6DC4.tmp
                Filesize

                65KB

                MD5

                ac05d27423a85adc1622c714f2cb6184

                SHA1

                b0fe2b1abddb97837ea0195be70ab2ff14d43198

                SHA256

                c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                SHA512

                6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\Tar6EA5.tmp
                Filesize

                177KB

                MD5

                435a9ac180383f9fa094131b173a2f7b

                SHA1

                76944ea657a9db94f9a4bef38f88c46ed4166983

                SHA256

                67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

                SHA512

                1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\~DF77755DAE2AAF74CE.TMP
                Filesize

                16KB

                MD5

                397f45a38e6806d64707e50b28dea611

                SHA1

                b6b992baebafa86264877d48184b7e1a564c1e51

                SHA256

                451380f99c0f600fa09ce6121b265f1220889bf0c10e9ef2b98118b68f68def4

                SHA512

                9246f57dde64c7d7107803f298533a2a83bd82df28171266dd8c5c581764759fb01e0cd24801361fec643079ea50bfe5181e660d9ddffc5705afbf0f44ff344c

                Download Submit
              • memory/2940-9-0x0000000000400000-0x00000000004E5000-memory.dmp
                Filesize

                916KB

                Download
              • memory/2940-497-0x0000000000400000-0x000000000040F000-memory.dmp
                Filesize

                60KB

                Download
              • memory/2940-1-0x0000000000400000-0x000000000040F000-memory.dmp
                Filesize

                60KB

                Download
              • memory/2940-0-0x0000000000220000-0x000000000022C000-memory.dmp
                Filesize

                48KB

                Download
              • memory/2940-2-0x00000000002D0000-0x00000000002E1000-memory.dmp
                Filesize

                68KB

                Download
              • memory/2940-8-0x0000000000300000-0x0000000000302000-memory.dmp
                Filesize

                8KB

                Download