Overview

overview

10

Static

static

3

74e74dd391...18.exe

windows7-x64

10

74e74dd391...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74e74dd39102936cc43ba684d320d94d_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    74e74dd39102936cc43ba684d320d94d

  • SHA1

    ac13297cce2c778067d54694722b518bf327a22f

  • SHA256

    d9cdb6b8dfc741909d2e2734cd2d89cfcf4b99bb23e6d91a0abafa97b4eb4011

  • SHA512

    235205ad40fbd3209f0bb90c3b3d63dc97abc388e733d4463267c16ab51380146671eae4bbba1d82860e525c66e50ca5cbebc791e4590865f377c4b5637762f7

  • SSDEEP

    3072:97ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Pdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74e74dd39102936cc43ba684d320d94d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\74e74dd39102936cc43ba684d320d94d_JaffaCakes118.exe"
    1⤵
      PID:1704
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2556

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ae441d9094eb99d3b9c600c6fe9f68ed

      SHA1

      acf7b2b87a7eece690df595272a3f5c73bea92da

      SHA256

      b45860a4e10109423e084936b2b424da7aa5495233552694e637337e0daddb73

      SHA512

      e04bbaedc121b72419466d6bdfce18fcadb25658f63e451c1839f1d419087de7206df2a1a84d90978989103e8ab58b2bdccb985917c0b2b851d64f5e9212aa32

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e4690bda6fb7ae744cfa0954b98b0a76

      SHA1

      57184e0c9050e8a75523d152ba633d8eba8090e1

      SHA256

      d90966a2192e1466a1230adf66aa9eed189bd941fe74e2a163d2856ba7529fd4

      SHA512

      155f593c98f4288491912603f6b3048cf0c8c00676b5961bf7d9a8d84bee57af3c16545c3a9c85c235d8452b5a9bc8b8962b1d51530a79a2f1b151d3a4ced36d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      32981fe9d101a7f4ad038109c928cfcd

      SHA1

      cdde37e41740034e9df095cea1dac0663ff67e5c

      SHA256

      712e140261535be6353013e15695d28c6132c45bf575ce2e199849080fcfffb4

      SHA512

      3bf8a78fea813794c7b962e3c39916167433ba5c425cdf021d55f2d7e4e4a92758a312f9e68f355a79bbd4462a5b795596f300c1004cf47fa3452136d7d87fef

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      93e02915c35d576fd66d858560015712

      SHA1

      bfb1e495a37959fbdaac6f77020d7314754d81c7

      SHA256

      c97602d3395ed00e3971a62f9ac664f9594f71a7bc00484ae1a6ad74eddbdd24

      SHA512

      4ae04abfeecabca8aa0b386e114a8c11475e8b2f41ad26c44545f89f40e9246e1c0715c4498ceaa357ae960c3832eb63eb2427f93f12d8779eb80fea4cc3fe39

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3790693182943abda207d04d9c921d38

      SHA1

      201d01433c2cf9d29ef5283e58f30d246a22555a

      SHA256

      9a38aff6154045b51a4a37be038eaea5bad568178a29b4e3cdf7f76a2366b6bf

      SHA512

      09eead8141addedee11da0cf3922ba678db401d4b59fd5327a8497eae601a64b8bef67aab4f041926b06a6d85db1124c27786fa9a2e34a4f5141d55e2a27db27

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      45f3c855c148c4c0d5edf96e18bec205

      SHA1

      355af37084b5008911ef2d2e6cd41f1f4938fe59

      SHA256

      c877e578774687e9a6e0959e4616513d27d2c4cd3fd60d695ba279539998b127

      SHA512

      441118434652ffd8b9b793f4e4587b9bc60d4ae0f97aa238ca552e7536b96bf681f50ed7c2a87d69514ec52d092e0be40f242c5e219f5759068bfec82cf16888

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4d7cd3213eaead71b7329cf75a6fc942

      SHA1

      c80456ab2d54b460d9167d4dd890d5d0e1b0468a

      SHA256

      0df965cb7645e4898cdfe26a7fae96e170e26b6106b86bffe50b686cfb119bed

      SHA512

      37b771fdba50ce10616ab8412ff18737d9f6d0837f1b5eef001201ad271b6f92713fc9db6bb8031fdb3ebd8ef73b5a0dc537fe905aa2cfe07fa7e5b72ee13e35

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7699.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar76AB.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1704-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1704-53-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1704-8-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1704-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1704-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1704-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1704-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download