Overview

overview

10

Static

static

3

65bc84ec66...18.exe

windows7-x64

10

65bc84ec66...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65bc84ec6674326c0635475ba6083fbd_JaffaCakes118.exe

  • Size

    197KB

  • MD5

    65bc84ec6674326c0635475ba6083fbd

  • SHA1

    ca966cd1ee0cae9b43bc9c4f93a513fb322c0035

  • SHA256

    865676ad9001b2f7822bfd38039866119eef285f957cfc8ada35d6068ccb309b

  • SHA512

    4ba6f7489faa9c774b69c13609fc808a0e57d44db187e05da6d46c8bc46accf7cd0ad282125c0564a486b7885f3dbea649f83c54745e1c21787fe3a7ae40a5c5

  • SSDEEP

    3072:rWDdCZn+MHTptyZ1+5Ck15lxYY54Fp3QT2kZz2yDj0EQ8x7xSJM7UmA0ox6:rWkdVlS1oCPY5+QT2kx5HlS27Umg

Score
10/10
gozi3135bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65bc84ec6674326c0635475ba6083fbd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65bc84ec6674326c0635475ba6083fbd_JaffaCakes118.exe"
    1⤵
      PID:2344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2708
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2272
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1944
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:532

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      baa0cf5cda6d93f1a0da1182526a5ef5

      SHA1

      a616530be13604d673492687d9b89ec9fc169478

      SHA256

      c265eaafe8661749192ab1835f9fc7f336382aee9302e805bf7c4777e798aa23

      SHA512

      b324a59355e50f50a52ecdaabbacad482b788755a078b466d3011bc29cd11f548722e773fc3a43bd113a60d60dc92ac9e259a7811527888c42df98e3b84a1299

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8fbd1557f1a82435cc4047779a0497cb

      SHA1

      a85cf7d2a6536ca6e8bcbf0c35688809909bc136

      SHA256

      b4ed55d9aac4058954a520c7bce19f64af45dc8970541108e9146525876541ce

      SHA512

      f637ef5b78286867dbef602f7980ea848d76b715f82dc4ddda4faa53ddc1924f1e2a96d34218bcc57e28e15eb8be0147d1efd103d76b5f25409a538cd4050517

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bcbc7c3a0fca5b9db8b13b1cf8132c4a

      SHA1

      1cbb4e639af398ace9e34ce562ab9ea37b10b782

      SHA256

      fd14572d03db42047317c552d8d0b8f5f5b3a125649bb3c62d4e6bca32174ae7

      SHA512

      4904fc343c78cbd3f1221465c187c9e0c65e0187fadaae7d44e506af001cc73262f39ebb33b3136a5a9035eadeb88c68feb103c367c8c8ca9dac41eddda17ddb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      209185dff7383d81a0190d02f1f4b695

      SHA1

      b9d03980ab4d2f34249427c361c0e45b42aefef8

      SHA256

      afe4e24f0525e9443641e16a22ec79d9dc62fdec6f3e9b0b93c1705e5a989fad

      SHA512

      fc3e8aeabb615e5b702e43642e2b6e7b86ca3f923dd8dd4532e83430c3b49dcc526726388b3774949a6cabe44b82814c03074ad4f67a5d33a9139663580a0c37

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e331093b67c0f155cb20c13f9e798544

      SHA1

      d7dd28cf84d1478640fdeee19ffac4ae341a0fbb

      SHA256

      01ca9844a69e7a384d52526bc6ab2da8896a5d51a9f20acf43fe7cc935accd0b

      SHA512

      c05f0e123dc0c386b577a47a168cb2e18228dc2fd8553a9dddf57645223074447d0d15d50ee8e6ba14323dc2d4edd6817f67e32b4066373774c8d57608e56a3b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      38c24e8f0740a55447d081bd1d26dcd5

      SHA1

      b3e84270ed3c05139654987e1de3a1aaabe89f63

      SHA256

      831927e51a4504518a4f442ca557f56f5d53cc2cab640682c01ebb3f2abde51c

      SHA512

      4fe499da0dc7a411560b6b4012845ea9e7d8b24c6fd0f045664cfdbda06bd6394b88019de5da2d0eeaaf088e8e36c15607d9daaeb140c44db6553ff891b5cd1e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fdf142558e34a5399a87abf2ba7ed47d

      SHA1

      731495a54398b110b4941268db3c2e5ac5f965e0

      SHA256

      dc2e8bd0209dc0a4ba8a905034fa8a1006e0a63de365e7ede142d4412abe8d9d

      SHA512

      2698f8203c78aa01d77b911a4f87737bf28481d9ea5f8d8a713e627e9c9dc6b9ad65e1c16cd36f83ce426ce8b4a92262595d454347420a9fe369036235eb6e0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      459af2e56c6d935bd123fdcc9e1dbd24

      SHA1

      b4e008cfa41837fbe1ea9326c49007747706057c

      SHA256

      801e4d86b2f6dac38d1f01a340a850e516a161a7c68a9cde2bb8ef4ef999034b

      SHA512

      a04862f201af61edb4415cdc230eef5e34a72e6cf95b1f152a822d23ba6dcdadee0ee782219fe880acf86e22683678d0bc02be1fdb28e52728ea4328b374fdc7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d16d97d1e24c79a1e25729273f85d23d

      SHA1

      6a485151483332f67bc6fbbecb28435e5a866b5d

      SHA256

      015e0db2e109b4763fc771fe8333ee4ac43d8c6cfb569f7df027f58b9ea9dce8

      SHA512

      ac55e62a11b0b8d70cd48da262d0e4cc3925c8ff7a98aada74d5b45ea64502155f3f8f6d5fd877203186fc71cfb6b3588c7c24293c0b475c737bed580b80a1c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f7bf4bf74bc442a53e732cab99143b64

      SHA1

      a1092ef9e8225af944cafb4e5749c833c6735243

      SHA256

      67135987afbb3f86db61d760f4444f5501007a4c4476cdfc8a6ad161c98fe088

      SHA512

      ecfc479c9523e380c0d1c0824f93f259be2c272bdec4cc40536a4c554b22ac614119d1d7a0af43eaf7e6ea001100ae8e5b66fd14366d67a91c9a00819abf5403

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4cbe7678d0aa85758fb58288480ac10b

      SHA1

      e2b0d9e34a8b27c033c63b33ddf69088fe6f0b71

      SHA256

      52ef983205028ae479df5afd64fbc5fa575a988e48e270f2b973f126f411b18d

      SHA512

      72fa220aecdfec59799d854ff8b76a96b3c4a2a073d7ecb24c279a0e2c7969e7a1d66c0f1f8736319fed6ca8e5291f0e7b41ae61ce686e22cce55a32afd477d1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f4ecbbe1ddc878d062f4c0c128c037de

      SHA1

      179879e302d68f44db25d189e3bb92c9ad797e81

      SHA256

      d7229ec98d8901de9e4487b43dc83d62a54424674ed13773f428ce0f886d968e

      SHA512

      09ef5f484a5fbd6b841d9a7547aeff34d332d87da78c0cfb3027a5365c1de586401544b8582ec56ec15a4a61554a47203bbde9dd482f1c0f9c59dae5c022e649

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      76d51e7732f474bf5a48193faacbe57f

      SHA1

      783bc1ff1c8070c8e15378633a8f6c12a5e15371

      SHA256

      af7fc9079d4ec4c55d6fa45995cc3643ada09d8b7ac7d395f979ac3e39bde7fc

      SHA512

      c5d7601d479b0161d5b62e3ec3663a0cc29305e227cda8e4d74bc17122a78c020ec8b7d9665c3f88f35bf9f8b08e0964e291e44b66e25dd432b5bd2310f6389a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV3OA05Y\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2ERRV8H\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMWH3D1H\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UI9GXF84\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar915D.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFB55C588C86419EC5.TMP
      Filesize

      16KB

      MD5

      cb0380732ec7022e79befd95c649a043

      SHA1

      4240c48b25ea37772b188d56ca62756d742e8376

      SHA256

      bcfe04475743980ff578dc2cedd276680e13b79d1f75217671f74a291e87a0cc

      SHA512

      09697f43d93bb74c4b9ddef5a8706d8c1083e4c6972787dad82b261f0145f7f0dbd968ff0901ee315b331fd3013eeed0c68d343a631a59105cb3c6847e6d49de

      Download Submit

    • memory/2344-0-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2344-1-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-2-0x0000000000270000-0x000000000028B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2344-6-0x0000000000330000-0x0000000000332000-memory.dmp

      Filesize

      8KB

      Download