Overview

overview

10

Static

static

3

6f17cb8af2...18.exe

windows7-x64

10

6f17cb8af2...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f17cb8af257bb7c6615e816bbf6fadb_JaffaCakes118.exe

  • Size

    455KB

  • MD5

    6f17cb8af257bb7c6615e816bbf6fadb

  • SHA1

    7fe7b570aac962992d5815bc41421e0f2b6b90fc

  • SHA256

    7bbc9037261d07deaf8f6ca83345e679cd105ddb62361482e73a2f53f23f182f

  • SHA512

    f1631db833c9b14ee28b55381a1e9900d4da320fb6886c5925f8523dedb37a898340054b1cc0ecb0601bcf94dc3e06bd0903e1be61a2aab0c81eababcf2f9b43

  • SSDEEP

    6144:pk69oa2DnZot8e/toa/YhFdBtH9dXfZNJIYb9eHg1jgw:pF72DnOt1N4H9dXRgw

Score
10/10
gozi3183bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3183

C2

v99jarret3287x.com

huymireyai.company

so64a92elody.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f17cb8af257bb7c6615e816bbf6fadb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6f17cb8af257bb7c6615e816bbf6fadb_JaffaCakes118.exe"
    1⤵
      PID:2220
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:676 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2472
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:792
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2568

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e2261ac8b4fddc3a6ed46bbe71c5edad

      SHA1

      1feda1993a805201fa871e04cf2d1b4be1992b25

      SHA256

      36215e7a7053a18115dbd3d38f688804908db2c96a7facd5416e2a0dde019caf

      SHA512

      0a128052aa4c4e8afbac5ae8849bb2b8cc58bb9e3da85def1d004fb7e03a3f8d1d69cd83c568f7add3e2b21a59b531b3cfac6cf76bf9cae8381eda3075e9f376

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      01d659e1c0999abde47f9b98f0af1dbd

      SHA1

      662862f612f35b9e9b86ff7956fca293ebbe1a5a

      SHA256

      552ad4dbdfa7e74e44c9990bad24b87ec4b2d561a17d0095a1797f9566a26181

      SHA512

      4a9d6453a88a7d7e0baf5255cf338e6f55374cceeb5f55f4fa8a6668689560fc80538eceec7afe8154a40c5411622ffe1fc63a281ed1d2df668dec591fc58c8a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9eb956a07b2c26da6e3e53acc3710cb9

      SHA1

      a2fb75ef3fa325ed1fb42d4c5b821cd7ab885040

      SHA256

      89b9f555855f7c119bcf637639bb6e99eec0be17fe5bd98225ae911cba499902

      SHA512

      45d08d268677f92230672b527f201308fa73eb3efe73b54a7c397483f82db8af76f66b10c233d1152e6d3b0f3fff36ea72983a4f11a94ac1295a858c84547f19

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b2213d799c0d86ccd7634c3b3932f355

      SHA1

      2298cf0cbbd0271c36ff65534def04edeb07f533

      SHA256

      8bfff855ef9d9b3b67ae6007c3cf15cada5bf1ae4e47a67efdfd775ba540cb2a

      SHA512

      4ea153df4f740598b7daf20127962ff793dfd25dc63de44436a473fb623b4d289fed992c409dfdc521cb8ac452bbe4085f9f21548d25fab604bd8bf82dbb217e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2168ce3ad5867784a9eaccff8dcc5872

      SHA1

      c22f49632d83ecd56da01b98685919956bd1ef56

      SHA256

      a79f68ee6ccf29f3ab1266df74da09dfaa7961077bd08928e6679eed201d46df

      SHA512

      de6db73b65cb2987dfc90183ccb154e5289720e5cf823fc80dbc6bb5ac7ee4c1253d99ebad1548e86e7834087fbaa00ba5f1425121c8f100c97ec20f521c6a13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      205cb34f8b767dcbed5c2df81da9689c

      SHA1

      e7d364e3e56df59d0bf0c1350114fd3483b75b4e

      SHA256

      df4783ccc0cc37505f2798583953239679f85f26e03ffea3fd5c5dc906b61000

      SHA512

      4a084891a864d891b9f2f58980e559c9ea07d04af1bc0f1a1127e7ec6b950e1f23f974f0a37472ca989649d9c09f825d614f46c9f0d843f3683dff2b8ba4edca

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      70d1ea325cf995436d5e02268d314fbe

      SHA1

      58bce2d031ef26420b9853c8c05f72cbf5c72298

      SHA256

      f30b416c588f300b61a078b631c6d349131e22e27af7838546e81bbdac96ab98

      SHA512

      da4a331af54b81b2f6d8ad7995c83f2ef7c4566bc632c3105e47158f0e710936d00195c2fc98183a57fde9814701bd57751b825f0f8e9f26dfc4ba43bcfca5e2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a037d62b0df7297735cceb2227f50b1d

      SHA1

      78b5ac06b9b769af994a4c9542b67840e9b91022

      SHA256

      20d0d28cff6f8e1fd92fa5fe0bb2b9a9124f2aa8c0b291726e9dab9023429943

      SHA512

      0c3e96748b1e2dfbb072010263a32a9534c6301c3d95606599d1d6636008a986dfbc5ec2152236abd41ed8645a0f0d7df5ac6edb5a8072588a352d03072b11ad

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabB33C.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarB39C.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF223BE9C59FB0AFAB.TMP
      Filesize

      16KB

      MD5

      75cdc3094cde5409222c4fdcf5bc5b06

      SHA1

      5baf0f4e90bad26302740263bece1563a731d176

      SHA256

      90e0f196f07ed82ba88ac677886a3cd8b9ec89ba6227958f21b95e04188fa666

      SHA512

      37e49e2ad139236ce8b383f71d994aad2f9d52cb908a9357c628af174da662fa4b5db361ec3c55f1b0653e5bdd08a276279744893e4af09ddd8d41e31af6cf93

      Download Submit
    • memory/2220-8-0x0000000000220000-0x0000000000222000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2220-0-0x0000000000020000-0x000000000009B000-memory.dmp
      Filesize

      492KB

      Download
    • memory/2220-1-0x0000000000020000-0x000000000009B000-memory.dmp
      Filesize

      492KB

      Download
    • memory/2220-3-0x0000000000020000-0x000000000009B000-memory.dmp
      Filesize

      492KB

      Download
    • memory/2220-2-0x0000000000069000-0x000000000006E000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2220-4-0x00000000001F0000-0x000000000020B000-memory.dmp
      Filesize

      108KB

      Download