Overview

overview

10

Static

static

3

62267f60c3...18.exe

windows7-x64

10

62267f60c3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62267f60c3b54cea03550c775f1ff77bJaffaCakes118.exe

  • Size

    648KB

  • MD5

    62267f60c3b54cea03550c775f1ff77b

  • SHA1

    7a8bd504ca59caa8b6e1f5a514d2366041e55384

  • SHA256

    8c2d6150da1adafe53b069a75008ed470d96fcccab463254e916c9606a18aaf8

  • SHA512

    6b8f380fab0c29de9340645ca2e39682fd95948175dc6c2be88a05f7194a4ea5fa2869b074e88491edbca84db29d9af9f41e8b22788ccb408441f4846dbd5c48

  • SSDEEP

    6144:Q5mTEbUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEb3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62267f60c3b54cea03550c775f1ff77bJaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\62267f60c3b54cea03550c775f1ff77bJaffaCakes118.exe"
    1⤵
      PID:1904
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1532 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2044

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c7f9f632b517125745b287dc744986c5

      SHA1

      aedb40fefeb9ab9b11c2896b064d5145967ecd27

      SHA256

      5514298afb54cc09ef818206255ff0d0c48d722ca20eecd62950ba8f26114b80

      SHA512

      d5a61ac1efa46e0ee3644d4922300db5ab97dd531695f8ecfafd98a3b32976701cd69fb587ebb85315460ebbe4b4ed9d13600dac80230a9393b74f221ad6b687

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      20749e0fc3a1272c34f60b2bf3e9a8a8

      SHA1

      e2bef55046a50886fe5857b45727afab2e6e2b15

      SHA256

      817f3dadc42bc3d57e921af0ebc3cdd1fdfdf2dd0e07277d84cdac78c4077dfb

      SHA512

      fc735f1423efe9d9c1747c3fe32957817d8c9be0ea26f83c0fd126823486d78c2655e5e59566943387896b258e9dccc9e26c3f6aac84b0376422ad975cd4256b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      61e5f653f5e887cd35fe116508f86ad7

      SHA1

      816a315bacc718abcfde4d5a2ff1ec8c113ddade

      SHA256

      8fa8285aa0ad55f5bb83267f8e2a80525e385e8c9dd302f4ca916b83400bc740

      SHA512

      ecb46bf0ad839182cab0c3d924596c2f32e64460a7a3635b2530b8e8017c13d8763a77d423ea81c9a41959941a339343b3ac5969665bb587dc1bce0024c9be79

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      38d75b6d238d48ef92868793446d7024

      SHA1

      12ceb3d113d572884df7b8fb2558a41234b2f514

      SHA256

      e0fdc7a62c783f2a9ef8445202fc29cafa67fcbd4d7a3e110a0771c1caa6036c

      SHA512

      df12b771d0fc7a86ed725ef2442474f63554404164795027fad4c65ab322154f696deaeae6c0e3ce1e0b51de97ee667a96581f656ba060288047f2bb2f077d03

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      78cda2d62b8c4d73a0124c2e8e9725d2

      SHA1

      8821a9075aba6d3d3b0c35c73d5ee5739c5338aa

      SHA256

      b77800a531ccc1f9136fa07843075717c70e5d6fa255d9bc2fa862bd97740767

      SHA512

      9682e887384aa637438a24331ed52f7833a788bf0f2cab2fa4ff1b1bea668e3b8fd74d1d66ff1faa87e4eb3dfb4a23d92cf251627d6b985ea45d8c4ce2cf51c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b629ac312685825618f36f5adbc5b8c3

      SHA1

      5ff295c28927069ee3a9209ead53ef0c7e703370

      SHA256

      b87db5183e5e6ddf97c985def820cdd6a061e466a4ba485a80283f916a7c6796

      SHA512

      21bf2fd97df12dd352ddf1cf1a20c0d02874fcaaaeb944bf9ad5cc57b56b0ece880845a7375c08bee60bb535a591eed2bcab1c7b7ded40069d8dd6007daaa025

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      06bc445f0d7553c6be1ddc3882d01740

      SHA1

      dd156a8a29605d620d7397980c9f2912297127d1

      SHA256

      f752a44af197f239f232a9ba558f6cb85333f928ec8ad47bf1a0dc711abf0d45

      SHA512

      579aebe5036caa27e6939f9c08ef7aa187f326d19c03d1c7427111765dbf6f4aa804134e79076edc3cd97b40daffac85597a76bf95f1253a29cd62a9eb6c2e75

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d54eb95734d6a16283dc6c00f430a351

      SHA1

      9cfdf823e0d6ca4a13e22b5e4da45789da718542

      SHA256

      6024a32220d9d21406fc852125f090de29be79a6b3c0c4feaa8936a63322df50

      SHA512

      7d1ff2e4fa303ab7ef6437e044f050b19e17a6bafeade6c7b7bc4f2f4fd1d7b7efa0e2dfb536b51eae0111bbda3f7d3740483797f1c6d0ac22701ff1046a7e31

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      04331b8122237eaa2d788497aa506f03

      SHA1

      5befff4f4ff7bfd33fda75c019e0f46a6033e77c

      SHA256

      358c26fe497f5311359688d6dc417d92991c662e6f49bba616d1359bcb5f3e47

      SHA512

      13e9800207ab8cf15800234cbbdb6d561244f3a526aac6445e9a4f12345e3e4eb44a2a1eeaccfbfe7adf062503b1403fcf259ed6608c2d8fac08c61ceb3422f7

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9741.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab982F.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9844.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFD0533BAE2B3F54AE.TMP
      Filesize

      16KB

      MD5

      b34fb7b5d2330c8440107e5368db96be

      SHA1

      83827c2cc13ba1b9e849f5b15f17b8afc7d34c39

      SHA256

      4df890c63f9e0d503d815897f4cf87f48d0283f3cacb3fa971203a8e52d07157

      SHA512

      078969a7ebc4b525f20a00a09ca5d37f9e9a443503588a8ce824c08c0a15382135f6739b22fbcf54d9d9bf53a0503fb016a2585fd76a83b975d27651c8891d49

      Download Submit
    • memory/1904-0-0x0000000000400000-0x00000000004B2000-memory.dmp
      Filesize

      712KB

      Download
    • memory/1904-1-0x00000000001D0000-0x00000000001D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1904-2-0x0000000000290000-0x00000000002AB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1904-6-0x00000000002C0000-0x00000000002C2000-memory.dmp
      Filesize

      8KB

      Download