Overview

overview

10

Static

static

3

66e67d2af6...18.exe

windows7-x64

10

66e67d2af6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66e67d2af6ec6906b6f87be2b8256ece_JaffaCakes118.exe

  • Size

    547KB

  • MD5

    66e67d2af6ec6906b6f87be2b8256ece

  • SHA1

    ae2ed10a88ed5aff419c37570914ca90998aef6d

  • SHA256

    c8a3699809ded8dc65ed51c945ea4123754a6bbe735b59bfc791f3f932ab8a16

  • SHA512

    1c60ca7a064ab85829bf488c63f794a7cd63df08af94eaeb6332bfbb667722bd6ffac0916d03ff4505a7180a6fe04cf4d23c0d44ee2a7b2d1c1cb54093e7ceb3

  • SSDEEP

    6144:uVJt7IsATy65KJZnF/gYdpOLwNF/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpms7tKO6asJIgJt

Score
10/10
gozi3187bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3187

C2

qrodericky94.company

g77yelsao.company

tromainevirginia.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66e67d2af6ec6906b6f87be2b8256ece_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\66e67d2af6ec6906b6f87be2b8256ece_JaffaCakes118.exe"
    1⤵
      PID:1872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2456
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1448
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1448 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1512

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1b0c7b94631f67f9d86648a69f74367f

      SHA1

      a6449fb80e48eb4af3352f39f14076551624af4f

      SHA256

      fea5cd119c3bf017e4124f799129072a73c82aea9c3af4e0c6f94291c5e2e94b

      SHA512

      0dc130601aaa5c3a1abf996e58e64b4a7c0c33e262672d7af9ec317183a67210204b09023fae4bad0f224b1a8e2c829a8a6eb0091abb8f4f5b50bb0196d76725

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      04a771275ff46f3993aa985c7854eff9

      SHA1

      42ecbfc1fb7f5680aed14c428eacff87f8776034

      SHA256

      32e213e0ad8773535d586990f9db5b5335946cc8dd30aa0e99a8e6ced3774de8

      SHA512

      d09e89a42b6bff7497f6ab44b0cbb3fa8680c8a45d63e69ea3ea80b13c0c428a5f0730d66a696e0ab849015eee4738ad4e8c6824d555a386a5e20a4c39d161ae

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f1a575105aa365eaf5b3f93ef886dae8

      SHA1

      3bc122c95a13e7a98c78f3daade66239f72f50b1

      SHA256

      3e8fba5e9cd9eac82026db6428ea7cfdd060f36ccc28b941b63866c1f7e0a16e

      SHA512

      7742ece0f7386aeaddf96052611d9917649f4a099ac89fecb7e8491ba7824044d3061aee27c9178d43f5418892bf54a9dc5f3a9295a4357a7e4c7e2214c596dd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      31a8d8efe64fcac9db29e61ac291b03b

      SHA1

      10965308657c7c80beb98df679d44eca9dd802a6

      SHA256

      8c0236577efcd67c2b208e6da11de8a65a917e4741327b45ebf6ae3d29486c54

      SHA512

      94724c0963abf0b371620eb701b97c7c25f66641f1c3ab22a51d22de8c4fb091fa70bfbcb7fef7c4142a3c0c81f7f075e4a60b2be17af1c4ef436d0c13900ebd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      99055295637039213c3bbd67b57ebd07

      SHA1

      aff180a46e6984125ece558ebbc12f4ceefff7a4

      SHA256

      21c64d4ad1134adf86190ef863ba6106035df2146ae368caaa1865084b25419e

      SHA512

      befc7d9d08a1c514f3affc31a758275783b8adb805327744fc5b2aa615ac3683b09f32f61a9aca98e76dcc68c9809fa373149526a216312b84426a54029b8dc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa7daca3629e3f3700665be3ca2b5f64

      SHA1

      fb7d4d610485ac2ef627a510da647eeee88d3ae2

      SHA256

      e04fc48abf7dcc5067ec098398a7a39f2fcd5ba2d6e0841c5569617dfdfac757

      SHA512

      36483ede9451f561d57535d7cdc7de9a9e3b174dec08dfab30c21ae46f01c3bb8b80e5efe996b48beecf31bfbc2cfc3c11b7a8fca1cc6aefd6492a1b95019cd8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e20810769336f7b049771f3f87221d6d

      SHA1

      43b09da345e3df9066ee03f423155c67f32bec41

      SHA256

      1867a23067e650935b4cd6b53ebe723f2751ba732ba05747f0b9494c396fa043

      SHA512

      8dd8d451421925381c609dd2192e11d3510495100de5e603bfadf07d838f95ef9aae15f8dd94c1d7bca74f305d3c4414e21886f428dcf561ad4c1b6a07eaffb7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a8050c6e7fcb6ee4b6c751575a25932f

      SHA1

      2eeefbef34cbb3831b62d2000f4931ecb77c5400

      SHA256

      2a58934e65bd50e09f0f038f63ee5250700cb1374fa3d34d26cde41c259b6f30

      SHA512

      f82e185a4e9c22a1cc0c066e66b53c19cd3fafb37d1e1420facac7110130e6f906357c3eb3a29fa13edea23e7d0543191852b7ce7347a4946f84518578930fe9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ad2df4a35e93e680165029d7d179c30a

      SHA1

      4ebc3d4daad99409f0ce1d6303450caf4cc0cd16

      SHA256

      95685c20ca5761f68e78c376055530b1742a8dea80383b2ca813f5aec977f8c6

      SHA512

      c428f29f1eab9bb8b4735de56ef14b3eb6d3b8d42c27cfaefcd1de2e5a2d0d9676bf67a6d6df36a1637eb0c5682b0decf9f2105508bcabb97cb514481f0aabdc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b858aff751d2155e40676ee591f2553a

      SHA1

      53acd4479c330bed252b67c2a0419077a91cf08b

      SHA256

      4f278c6536bcf0982d25f766bf714b7925554254d813f17729a5f93cef592c06

      SHA512

      a03df2c6e070e008df89e8fe9620b8dbe74b758f9e4972a9369b83d12a21da511c518b13db468b6d754e3f0c5a6c805fac80ff17d2a99eca50ac9895f06a832a

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab895D.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar89BF.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF10E7393D806756BF.TMP
      Filesize

      16KB

      MD5

      54997ef7115e9ff1d6720910bf2c9cab

      SHA1

      0f70f05f6efe45cb42d9c8c69342ee6ef814c55d

      SHA256

      39bbb58966b89eb4efd0fc9cbcdee2858c1f8e3b9bccd31520f2c9d79c74895e

      SHA512

      1494c9f6713ea4acd74700332915cb13a40cfe1b4126550d1fc641cd46b9cf38f90ba7d545b18fcf54bf9f3d7835c766b84356adb41e949af5db08b7ccd345fb

      Download Submit
    • memory/1872-0-0x0000000000F30000-0x0000000000FCE000-memory.dmp
      Filesize

      632KB

      Download
    • memory/1872-1-0x0000000000090000-0x0000000000091000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1872-2-0x0000000000150000-0x000000000016B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1872-6-0x0000000000180000-0x0000000000182000-memory.dmp
      Filesize

      8KB

      Download