Overview

overview

10

Static

static

3

68a696dbad...18.exe

windows7-x64

10

68a696dbad...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 21:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68a696dbadb5f0c0e00568eba7283e46_JaffaCakes118.exe

  • Size

    297KB

  • MD5

    68a696dbadb5f0c0e00568eba7283e46

  • SHA1

    e46e26a21654f80b5a009a02a80d08025641a09c

  • SHA256

    27922dcf3ce8d7c92cfcead3b8418da0565a63e563517d8023ea16f3df016fe6

  • SHA512

    ecbdcaee34c72422cb6749c3ea687282d325f1cb99acdfbae61a0b8bd1dfa404383df09ff652ba0eee5c85f3ad97b5da2383338a42bbb7cbfe8a19a1e4cdfd93

  • SSDEEP

    6144:cyCwZntdUnKTcdycMb9rLtDbF6WT2dc+BCcJrbL:cl1nKodycAhlyB

Score
10/10
gozi9898bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Botnet

9898

C2

mcc.avast.com

line.starlightgroupllc.com
Attributes
  • build

    214138

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68a696dbadb5f0c0e00568eba7283e46_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\68a696dbadb5f0c0e00568eba7283e46_JaffaCakes118.exe"
    1⤵
      PID:2236
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2584

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      48f088538d83042b02577451fe064b41

      SHA1

      df23a9e7e5c75f7e1f6acfe238864ef9eeb1af75

      SHA256

      f46834a9d10e1c87bef80ff6998868f84a9199d8a754e123e9fd6dedc68b5e4c

      SHA512

      76711557f3b2bea1ce17d6e119f62a1898b9a824fdf0d75212c253fc6aab5a669a629b063c1d3006c1eddbffb48ad4906f61e197f7b3f5f4e98527d34fd2709b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fb325e1d6ca1c855fbe476c6126af9c2

      SHA1

      5279a03aa280fc86766d3d2971742ccc9153275b

      SHA256

      75cc5a06ecd1774f5853f298472cc163e46d4566fce990b53c0c7b9f5ba2b88b

      SHA512

      ecd831f00d0e502c2b56a8601ce994902956126952103ea1a7eb4372744c05ed480ab388e7aa588e9ebd4edb3b415c158eae766ed14aecea46e79ec889cfcd9d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      200b49303b387665f3769b6dc7fb429a

      SHA1

      ac971fd3517c09ba6a7bd345daefcd595ca2e301

      SHA256

      76f8c72b2ae3b87fa0cca2161241eb6248c95077e01b1b8e324d38b9a81c7bb1

      SHA512

      de581e437b369cfc7270551e29a89b97d4192b4333c7cc22cf332c6425178589cf661781f1d67d83a12522a815e75f3acf095af4432d39fed6d9a3d02d54ab7a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f4515d6cfd866fdb7534ef1a291d7d5e

      SHA1

      f5541aa161014d80f1c99d1cef95eb8647a2b02f

      SHA256

      ede373c4802ed559e76b5fddffeac7b9034fd948703a188e5a49106e322fbf3c

      SHA512

      72679e8e8289738ede1c34a4f1c87b2d7a0b563a76ef5c6bbe60d108788c3499d793e01c6922e3fc39c981b226ba250af36fbbc3c15b65684ac3b8ab57277a4e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0d33ff1dcba380a23c2fe71e8eafbb77

      SHA1

      e8ff6a2bc34e3324962b1b29033e556148025526

      SHA256

      ef1b9bf8dda97954a8a4da4e1269c58554209da576ee4f6ccc8e7ee6d5a3a916

      SHA512

      4e5030e185570f528f82c0952e634b867663b14c04f86828850614fe049632a03a3d56b3fa6f31e082baf229269f5700a02316f318f7e17ae5cfe8f3f37f3dcb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a9503ef655e04da9c25ab37146b2114f

      SHA1

      59fb4c1a566d04411ea916295d4ace7e45f98969

      SHA256

      a1519bf28caf4b7c75824622d0134eb82c4cb468cb0db9750f091907dc3e27f9

      SHA512

      7727be700d97bcd61b0c562a3453d028b299d66eeeb08fd078420ffa077110f84b2dd77a6dcf6884416fb89b2ac0aeda77e74b3a8687834e1ad7f982921261e6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      88704452e763b333b647bd1f6895189f

      SHA1

      19fa25377e7f2a7a6d57e592cfeb35812379d3ac

      SHA256

      3f2eb34b9f57fe2f8d1cf7fe3f3943404d299560de2ee51a469edef15c06be69

      SHA512

      f959f107d786c3531b5e7c542a53576de75827e90f126eaadc7fcc1ed3580a8db114f6c34433f5d2023b879165d66f7162a783b31cd9f65cd9249e0c56a04274

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      231cacaac322184d692a947e6c30a56d

      SHA1

      49c101f3fa3277cc1611f11d026e7684ed6f0410

      SHA256

      2d2b0c0c98dd6eaf6da3c1aea516334b3a29a86ebb4d41ea6e7c94ab66f3ce03

      SHA512

      ab823eff4f0597776a13dc7e615c83d7ed30aea8f4fac875732b8ecd8558f8b46d9245e5a7cb00c9d21a3ce2b5b7a6a7ef0958837db3c2bb7fa7a4b2b84fee6c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      034b7d3e6df5bea669347f565974f26b

      SHA1

      5972a8b479506d8f968890ae0c7a4eca5e3f79b8

      SHA256

      b47d5a1f4eeb03e3d13ceb0d0dfec096cbe50ae756f49d0eb5668ae83410aa83

      SHA512

      1c4fae0699f086236a8da37864d43bf14f8f421d3e59fb31fd4085447ab8202a24acc365473f85fb70b8645047a6394e3593e0792a67a2732c019611d5235d9f

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab732F.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar73A0.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF4E8ED2CB950A758C.TMP
      Filesize

      16KB

      MD5

      f354f0b496e8bb81b51b1be7db72f634

      SHA1

      967f8c2bcd51549d92cfcf1b2e0ce6461031be17

      SHA256

      89abf46399696e85037ab2356ed560dfd6a06978dbcd7079aafc82fe8c6cf81e

      SHA512

      f71439c3e8ba7cb83dea2b52be03405534c245bc6f19b881e0d89b5bd757ad72e625034607fc6fb5dd6f92921f92f3003d0174cd7cd894d3a0b2d25efc7a528f

      Download Submit
    • memory/2236-2-0x00000000001B0000-0x00000000001BC000-memory.dmp
      Filesize

      48KB

      Download
    • memory/2236-8-0x00000000004A0000-0x00000000004A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2236-4-0x0000000000250000-0x000000000025F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2236-1-0x0000000000270000-0x0000000000370000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2236-3-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2236-444-0x0000000000270000-0x0000000000370000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2236-445-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download