Overview

overview

10

Static

static

9

692f0c41a1...18.exe

windows7-x64

10

692f0c41a1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    692f0c41a1c901093146fb46a8c5ca16_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    692f0c41a1c901093146fb46a8c5ca16

  • SHA1

    a1dea48e55f4207711db12bb2abf4864041cbfff

  • SHA256

    e1aef4524d415e65b90c985f54755d8336217bfb7bc72c50ce32d9dc88e1b07e

  • SHA512

    106f59cc8d1a5b9ace12f749be24e5dbe2fa315dffa40fe53b5eab8b89c66bb9d1c9261024307b6406254bef9bf90875e952c3822f85b87a67f4a452d9250678

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\692f0c41a1c901093146fb46a8c5ca16_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\692f0c41a1c901093146fb46a8c5ca16_JaffaCakes118.exe"
    1⤵
      PID:1724
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:209931 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2376
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1712
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1528
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1592
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2872

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ed60528a7536e9c9eeb7c470a22b243d

      SHA1

      f9c7df5e73f7171102f42e8b6682b702afca0489

      SHA256

      4c8cd1cace8f031cce572486b362662c9c9fe6c69f61c121edf7ae7ef129c686

      SHA512

      7f4529e341443ea6b9cd5841e2385ae2420ee8fde7e348ded5a933a29486e73495b5c7b59c56e2a97810bbaf7ea16f0412c1d2f75830ef163cde24872b6b5d91

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5d246717b1da389e660aabdde048e3c6

      SHA1

      ba5b2895a7d6bd7e77bc8a59f95ecaaa48704d60

      SHA256

      e1db884183518b4c98bccae651b2acc7af24f1ccb5fdd5c1250538309da7f42d

      SHA512

      8241ccab86605b421998698955cbd8b4a6af0e1afba375f15ab66a26f84da1f6041bbe44ab66e47f9e4e684e94b3c67e2fd2b922741db513d7019fbf2f274836

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6e68bb44020583353d056902dd0c2724

      SHA1

      5e9a13cf6e0bb40fc53963792e73869cc877d533

      SHA256

      b85c887adca084d1be0e69ee72f3a532dd02cf60c69bf76dc73413fd8bb5953b

      SHA512

      a879349e8629317bcb72cc1a05e3dbe4096a7db70d96182f1bed99ef3c948b37261b145216ba853e0fd3c66c1c169aaf1d4ee406efd1aa74c83b1f3591f5baf4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      12fe6a055a6309de73c59ec16baa9bf6

      SHA1

      945991f828bae3b72cd022c10548367af48c3d95

      SHA256

      b4d07df0f443c03875c47e662203b780e2198c806f94bd4a09b67ccda0c0ef18

      SHA512

      81fb15d94e9a549d70db4e7ef642c84584111b5facd3cd7bc0819f982a8f513fc00b8d6dbf1785f3fb4b34c8e1da1f686d2724cca64002dd417f14c34d0ee207

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f2ecab67094c3aa9ffc7f65757b01d2c

      SHA1

      c588cb9a75e78ce077e1a55b054412b2dcc3397e

      SHA256

      568892727ffe4978f99261c442b71372e51a32f1d2e344fce42644688242f24e

      SHA512

      d7644af0ea70de32792c30674c023a00f6695a4f10a8e4b5555e17853ca9779a085bb194d102a92c8185bf5e8463b1a76cfb207b4703b07c3afdef37e27f7553

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      57441429b341f56f60e37cd753c9c805

      SHA1

      63c1af48d13e2b0ae92bb0e5fbf5b58307d4f010

      SHA256

      943e92a576ca19166166a88c449b3faa164cc2bf337612ac837f2b46f085eb7d

      SHA512

      543835735f18a258506ae2446da152e5ca10c5e2da430cd09607a613724e96e235aa39c018f1733b2fe7adbe19086edd52b6683202b15a153b1d83a47e17ff0d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8fa30a35f9f0587bd758c1a234552564

      SHA1

      47387678672da1f683c71bd37f3ddf3257c452f0

      SHA256

      474e220f54cfdb1cbe305f0ae64df6384acd6e9dc23c665d2b1106a969083d7b

      SHA512

      224a324a4b50616f256e622d52361bc016fb7bfe9205400a354b7c2c426c6f0a10ff991d73944cc3c6a7f9e6e7cad3f143fd669aa7d3c16f055a2fac2bf02e68

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      efe51378b9888a4a223f00515d39d5c2

      SHA1

      faa8c4b805f6450e79337921e4688d91c792ed93

      SHA256

      be5ae3a8bc12c2962900118bb42f17960c478c1566933d8bc7bade4edc07e2b4

      SHA512

      5c93fbacd77a3b784cf0cb976e9a13ad67a449dded0a48669462744a39042be39d82fa725ebbe8a4b9b8627d689f78003a92a9a9bde5297d19148d6e19e7811c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      088612f5480e003fdff1b0b8e6ea9614

      SHA1

      583fd105a449da7458a6e8109455c647c4064aaf

      SHA256

      9b4a3d32d550a87b7a08d659db9a7a61d8f4087492a7505abc30d8d5e2288a82

      SHA512

      1c233b0eedc486b0a82806eea7d4d1c20d86d8d49a64ad1a9f21bdb8899c7e04e340cae75ec2942b31ff0c0a1db88e0ea37d47dca7a513a71abe20b35865a582

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab63E4.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar64C6.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF68402CE92A117265.TMP
      Filesize

      16KB

      MD5

      0984f60e3141eac51417fe0de00a0572

      SHA1

      b4fa0d67ddae051cfd5cb5f270bc5eaeb8f96515

      SHA256

      6d6d21f6fcc089c35e5510a3b5769bf55f281e770e7cef5bf44399a4fdfa875e

      SHA512

      6fdaa0be9a355089f8fb3dc86d85158ca916d28caaf5c56ac856645920d5e20b1cf18e6f6d671c14aee45d9e926dd1bae1d115078e807d9d1db05c24ba8a9e57

      Download Submit
    • memory/1724-9-0x0000000000400000-0x00000000004E5000-memory.dmp
      Filesize

      916KB

      Download
    • memory/1724-497-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1724-1-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1724-0-0x0000000000220000-0x000000000022C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/1724-2-0x0000000000240000-0x0000000000251000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1724-8-0x00000000004F0000-0x00000000004F2000-memory.dmp
      Filesize

      8KB

      Download