Overview

overview

10

Static

static

3

5cf50b45e2...18.exe

windows7-x64

10

5cf50b45e2...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cf50b45e2e3dc904429656480609ac6_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    5cf50b45e2e3dc904429656480609ac6

  • SHA1

    38f4cfe6bcfb7e07446f5b6f6bdb252e029aa54e

  • SHA256

    f46305efa3c61776d5ca3f4d1a25f2a99e0eaa1fcc9ea3a8e736a8305fd63a3c

  • SHA512

    88acc5491c3f2a7992c28c42942cb0277c8b744581be5675f4872dd75509571a6b3cf967d802d069c3b1b9e911c747149994938931b23c11522fe76456c54883

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzygF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cf50b45e2e3dc904429656480609ac6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5cf50b45e2e3dc904429656480609ac6_JaffaCakes118.exe"
    1⤵
      PID:1636
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:556
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2632

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      01c2b7d46375f5a859d3616e36cd93bd

      SHA1

      f4f98308483e9ef3d9bfeee835505058f9911540

      SHA256

      b37e19c90694a153743ec67e58e45ee2000e8e218d7cd209f8ae410e186bf20a

      SHA512

      030a013f05f4f215316bef1ad1e50e136d2ed7d2224884dff0cfe68246c6f2230a0e3e5372509a27b6053a2d6533b653249242b50d1582171aeeedd91534dd65

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      83ba13d7202bc35d94c590a937ea9a9b

      SHA1

      881f58f2024da8f9e5f3c3c344273cf221d9a65c

      SHA256

      24ef52c5cd178d80df4ae848ec854bcbc21fd5d394b28b02dbf40e369fd03f0f

      SHA512

      7837c526ce30794f405ff23c9b4856719590363882c261bbfd9d32ad1ed7bb1b88a8c82f5ffe1630157aa6e1085e336373c2b9574ba387eaed6ba9823a478eea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      49d10d63b356224db4aa9aa4c74d4374

      SHA1

      92a76bf0c89a2d2e1c9cf2d1daf1d7ea4179e324

      SHA256

      261b47f393fe95566c3662cac02c3b5931627081dbe9c540aa259eb19e69ff6c

      SHA512

      9cc692402b47f3a96ab0de1ff7d9797aafeabf5b40f1375b989a3c9c4e1a73c932c74f84bb088da8635dbd0dd11851a2aac88860d8fe5d53bf71e4a0521ab713

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d07bb12daeeceae1dd06e63521257fde

      SHA1

      5400fae750f4ac8d397c7bd6448cf14a20de882e

      SHA256

      cdefd2fe6bc40396b984ea2da77a89a0e39693874a87001d3bbb87f4b75ec4a9

      SHA512

      623517f715429f24c009e3d26194fe2490d5ef6199492b0b186a0e665e96a1be6fde7a7c2d9389f0b4edd76db8db072868dc41264cf2d102c46996addbbb5ab3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f0f3e16a77e66ae02058aedaa9c84645

      SHA1

      0ec7d5edb30878ae551a6d7ac94348ca73502ac8

      SHA256

      70fce4eb78b8e70298466193a94d250f33cb9ea98975ab042bbec78c871fe206

      SHA512

      1784fa67d628612f46ff539b0a32104eafb1a01580965ae77d658221dfc246d4e02eca4a4f2eee41fb1da7fb0336d79ae66b50ac191112c3d3aae1997dc774f2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c74aa1f476526f0518de4bd0f99fdac

      SHA1

      db61906c195379204881a72b1659fbe4d7bcdd01

      SHA256

      2ad2d021bd29036cd47a462a78574026edaca163cc4a233d75feaca7e2a58aa1

      SHA512

      e8e910739d7f8068ff0b1b2da7914687e077209fb0303efd08d84c98c5ffb5d7f27f7dcf661760821dac44acd7a86548de13ef9454e1fe2b90b842fc18196ab6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      750ce7b3063f2a0fbac97cc7ee6d5f45

      SHA1

      affaf7f008952777ef902c39a17299a793282e8f

      SHA256

      2ab8eaa15268250300df1de860bb6d34b99e94e5c974146d14c6b7310e869a59

      SHA512

      573f59dff7488db57f0a7588dd6ee6f994f4798caa6f7980d5c4ccb2589c3bcfc185e9bc70719a01750033518a9871219f836b21c8f259f61fa2af74c0df5037

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6f4d58aa6d7e9f12e9d42e305503b005

      SHA1

      dda7c73778067216699122102f374023400f8411

      SHA256

      4bdfe46dac33ba16bdb58033b1bcc7dfde2f74d3887b73c9794b4f3cf8432836

      SHA512

      d2e1aeb430b4aa568a4697cb1bcd53d56e415479e405c3b82f0fab07a61d1f2e118651b369021b479389b9bf5668a801262c322058011238993369807f2b480b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2088c2b872a6e8472ca69c24b050aa4d

      SHA1

      179c94b9495dd889cfa93eca211d30bc0a798594

      SHA256

      f175987cb17f694f35f952956d80ab82fac5f30922638d2714b410a03b4731ee

      SHA512

      29c99274902728bce24ee7dbf0a8fdd7fab2b843a8fb2527dec260c0ad5d9bd01e45f3717dce5786caa42a8c4b58fc019877c6637310bff9e6cc664da720a2a3

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabFDA3.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarFDF4.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF5A4410471800412F.TMP
      Filesize

      16KB

      MD5

      24c5ae4753324c7d353230e57f289f03

      SHA1

      4c0a28bea0654bc2b41a2ce8c7c6fecf572fdd4e

      SHA256

      0e24e05b1dbb795de9f9f238da2df53cda1a46d5cbf3523467185d48590932c5

      SHA512

      43d98095c16a1db1794cca6ad90e485d2117d598590e5612bafba480baa90ca9b1abda3949ef0d0441b9b265a6236b6919ae9acd17e1eeaa2b75b4e0f4d90141

      Download Submit
    • memory/1636-6-0x0000000000530000-0x0000000000532000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1636-2-0x0000000000340000-0x000000000035B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1636-1-0x0000000000310000-0x0000000000311000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1636-0-0x0000000000400000-0x000000000046D000-memory.dmp
      Filesize

      436KB

      Download