Overview

overview

10

Static

static

3

66a8ee4726...18.exe

windows7-x64

10

66a8ee4726...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66a8ee472600d007772cc17042a17c0b_JaffaCakes118.exe

  • Size

    354KB

  • MD5

    66a8ee472600d007772cc17042a17c0b

  • SHA1

    9187986d0df9f19171fbd35bf76faaf3d11b3d3b

  • SHA256

    a6095bf8a00bb9896d4a598834612ab89ae726230e73a1e95133701901745c57

  • SHA512

    10ebf706cd29737381c437e20e2c0edc89dcba7af1d35e2a4166ce0594b27932312535ee890433cfda693d17193c2b238348a689d3e4f72f5e64f8e648a3ac5c

  • SSDEEP

    6144:jyp7pQMOtvhiNyVyZHbzU5/JMi+xLus/AWQB9X:opWhcyIZHnU5RPu4B9X

Score
10/10
gozi3177bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3177

C2

wgcjeremy11.band

skelsigabriella.fun

xelectauishanie.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66a8ee472600d007772cc17042a17c0b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\66a8ee472600d007772cc17042a17c0b_JaffaCakes118.exe"
    1⤵
      PID:1624
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2372
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:880
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1900
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2208

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3c5550ab4fbdebaa122d01ad2554eac5

      SHA1

      68bf2821c49584f41868fe3b995624eeeb99b108

      SHA256

      e9556456e0c5aeb3f43299e623e49a2c8f698810df45a3a90b3eaaeb25cd9d52

      SHA512

      37ec1708c1c32c1fdd1fcfd6b53da3ec22027163da6a0c53be53082d5545dbcad40b15105bc33d410d968fdda6e52b6ead317fc25b3308b8a5e4515ac9f1407c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba573ad7036551231129e5cd2a15e7ab

      SHA1

      c8a7f30219814c8840486afdfe7cd4c8a8d038f8

      SHA256

      9c86bc98fd1f36c588929a392565c2f769fcd814bafaced2769eb57919624d23

      SHA512

      5823637a9b2c6203cb6f5311923f805eb84f43e8eec7f6021df5d5177b11a917ea4f231d6bf823eaf8ccd88b3a0e60abef6aec53dd383bf42f0a7dee1c0bc1bf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      35e1efb71cecd722b0fa060220570edf

      SHA1

      149484e269ff75f24afc52359a308a72e1a80ac2

      SHA256

      807961355558c9d82cf1c0dca978dfc94881d9eae4fa7fa4e04cdcfb1a3999c0

      SHA512

      d14d2a5c228b6496cf9853c85e19f8c9f3fe3aad967fe87e3d96adc1d5464d468fe162f0f6bf05eaabf3cdab442a5065e827eadacd00d5b37bac2ec017b5e5da

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bcc41d6b153992bfaacd6b17a9d1e602

      SHA1

      8b7631e2d348a6aad315ec8fba22ba9736d181cc

      SHA256

      ab9064abb97c9b2502bf68e8f2aff7daa1fc9193a3e7ff26b302e0b21822e828

      SHA512

      35eb5dd2dda0f081df0f7783fab997d89df2d1ac10c6a10ddc38e445625889cd265cc8d7b9c15ea8e5949c6c24727bfe47a9718a4602ca5421c19bc5e6ac61b4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      88cfa18d33765d8337478655079de4c1

      SHA1

      d70cbc1eaff07417663015cd051963218eea5ee7

      SHA256

      b7833f84037ba6ff564222a918b89ce9921b9dd5e9484bd9728570df9bd16779

      SHA512

      678c1ad0f9771f9a7fdd2c7de669a69754cd85970ab536af3b556d6c12845e8423ff2bca9df292dc846666c81bce4b5f8e5a6e2693f00a4dad1bdb7990f2c4c5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      356cc155e14da21228d5a37295e0c782

      SHA1

      0aa92a4e7701efd282f4095031a20b2425b52601

      SHA256

      9db134eab530cb9c0ed1a2fc509ba55301f671aa0d035202766e256111e2ce35

      SHA512

      db8e34cd6c7c0f60a2ab6f8e8246b59937e57522b01b2ddb63b761a0cee45ad69f68032064ed99fe59b1460cda3b5cc82e50b05c7c355621ecce812eb46aece3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      123e72e54d7123f51c595d04ff9e926a

      SHA1

      52d28adb01fe13eac981027cd28fcd8df4c1a79d

      SHA256

      ad50fc7dda986a1603b9b54027f8eb98023851d28823fefa62244cbd98fc7413

      SHA512

      addf3ffa63329a998c23808b1ffcc3964bea6484209e23905eb4ecc5329ab9068b0b7b847c8c956311313a89a92a2a0a6e63525ab3ebfc4985ac4d60ecc527eb

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab2899.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar29B9.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFF7AB9D37C392A75D.TMP
      Filesize

      16KB

      MD5

      5b08a4ab380f7b580a9640632259fd64

      SHA1

      93f6c274062a33914f573945c3aac3bde4735636

      SHA256

      4202b1c69698a8ce7868a3149326af40b2b223c5a57e8fc6967f9fd4357f89e2

      SHA512

      a4239926317a09c75abf3eb3be1bd42b5735c3695cc0fac9dc7ac6566edfbd39ed57d9bb654d69cac0138d213079bef9d336338a76c13ea2c4873dfb877e0c7e

      Download Submit
    • memory/1624-7-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1624-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1624-0-0x0000000000400000-0x0000000000465000-memory.dmp
      Filesize

      404KB

      Download
    • memory/1624-2-0x0000000000260000-0x000000000027B000-memory.dmp
      Filesize

      108KB

      Download