Overview

overview

10

Static

static

3

7525a0139f...18.exe

windows7-x64

10

7525a0139f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7525a0139f7b28d74affe5c9b112ccde_JaffaCakes118.exe

  • Size

    155KB

  • MD5

    7525a0139f7b28d74affe5c9b112ccde

  • SHA1

    91a9b33517531ae03b3b05e44c721508890026a4

  • SHA256

    1bcc72682dc5b2652f2ca16cedfbb5b693c2e3b2443718e59f9dad4f7d566e29

  • SHA512

    7fb22d168712689d175ff64ad6c955dd5d36dbac1203f5f0fade793e604cee88154a29f322e1d2d3254303b48fef7971845f4f8a4e9750d2a681f113ab475837

  • SSDEEP

    3072:4Wuk6BU7sniep/j4UswJiNsRI4EwR3WxUIuupo/KuXkwIEnUaTii5Qi37Gq:4WI2wiep/j/2sRI4E4Wx56hIlaMi37X

Score
10/10
gozi3492bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214098

Extracted

Family

gozi

Botnet

3492

C2

google.com

gmail.com

lsammietf53.com

p28u70webster.com

ploi7260m71.com
Attributes
  • build

    214098

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7525a0139f7b28d74affe5c9b112ccde_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7525a0139f7b28d74affe5c9b112ccde_JaffaCakes118.exe"
    1⤵
      PID:2456
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1564
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1608 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      83eb8dd952034843ef2e0f6cf1e39ff0

      SHA1

      2a6aef6857ceb01f0d36d33ee966b155b1c6ca07

      SHA256

      0bc79546523686581be8522443c291d496b47b576e7695d17ea22cdc020ef8d3

      SHA512

      035bda3506ac85113e5e04a7b7484622eccfdd3440ea4aa467b33933e160b8b5525aad3680a8d981ea3c0c9cda5f2f11d48f12e5b3a02897553de054f8bbe15b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4f644d9552ae0e2ce6797f4c23d1ffec

      SHA1

      1515a5628f5a82a367c24416fb4f525f84d503fb

      SHA256

      b4675d9c3b215d409ae97822018785913b99c942e2e9703a15015e068d313644

      SHA512

      653b4597b99b2c8d0f714bb3f3c32e2750fac410568a51d8adda8ca4a5a2c38d17895eaa87fb506bdaab35577b5d34d5cac712d7d6aac393cb0da92de9039b41

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      560a35e5eed7a0c295d96c3ea74eefac

      SHA1

      450dcb189a75c3018f9136a1f10c8490d5c22d76

      SHA256

      88c230f309665ec1616a3a7df60e03b912df226819d30a7c1648d223d2b0705e

      SHA512

      48969c304761204be8d20c073ff89aeb78e1cb4d285a0d1e6e51e8081c51d0f1a695ac4a6757aa4c1b3a1c6952e0ea7e6573c3ca0f46e8ca2d1e332fcf35328b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4a79ef65063436b8c7bae285fd77bc4f

      SHA1

      a772289ed5599a12ab88a892dbcdd9af97b63478

      SHA256

      161f309df8b7cf72ee5042c2a4a923942674f489db2791730af32328f8de8ede

      SHA512

      5b6ea74e3994cac2d42cf04b86e152799fe7754fb8334098dccb45f6383bc0bb1116fcb5c39a48006d3cfb10653c0fa62d11e33bcd23ba1b95080c592f516710

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3ed1e70ebd7ed3ff4ed6ec76ae7aa197

      SHA1

      edf13b62cfc518c5a855a2f463ccc214fd348316

      SHA256

      4bb55d05630c0a492506259e1e497d8ff48f4aeff618baaa87152f4f05a28f66

      SHA512

      88da6d48fc17bb0242b8aa256de2a3abfc0e4c6a957f46ef44029728f598fe5e7bc1b46336bbd009b28b5c9d9e5fee518cd776ff2a5c9ddbeb938ccb77bf4646

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6587197fe5f8e1995715e5760faf8c22

      SHA1

      8aea14b03868097ee794bb069b7ada798d286a99

      SHA256

      292a9624c7b98964b881f8c85f0f0dbe7b6c8891b0fedce389ec29c48a58a88b

      SHA512

      8c5bc009c61c934cb78549f351bdf2842ffe82988cfcd2a73664fd3357e12b4d7562919c706e06429e33f5097ecfc914258c14a7d827569761875b7be6081aa6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6cc5c29db901d94e550029ed9fa1b1a4

      SHA1

      bd59799503f5cb50b26ba3bbc25c2f76301f9fde

      SHA256

      d14291a136b81ee341f49697201c8ef3f1aee7a4f68759ccf76c479e73a091ff

      SHA512

      02f8a4f2d8cf16258b50c703534cd30df476ba092a86c3d8004156fd09a460e2761863e32d7fadef591fb4d44fd9d1d7419f588574336b72f867ccc6b14eab05

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d9e2fbbd08700e8a08b8a30227647817

      SHA1

      47e2bc61a284d0a400a808e2fb55e8f7acd65ab7

      SHA256

      de0f4ef00eecef7fef9b70ecf75acd3c3b86a770cbb2c2858b123967dc6777e8

      SHA512

      d9e619ddf3e14a909dad7d9ccc4af0e339ef2e67395f461a3177008a1f45f46e5ccfacb2dfeabe20838c591776adf48495b02a9e377584f203049d417c56d5d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      68ec0f79e95443071afa70249f2b6313

      SHA1

      76a52e4930017321c908d76da7137e7c32e45da9

      SHA256

      ae5dbf1f975632708710d20a9ad63eb5448b71eb511b442f917d360f24a3d2ea

      SHA512

      ad4aa7e6ea6800eac1ba6e67871d7088662335b39dce4715e67bd3a87ce8cbbaf838846e0a91b8dc385aa7c91c12252c2ecdafcb810931efa0e40cf700dc3d9d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7E37.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7F04.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7F29.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFF45A3F776C1539D0.TMP
      Filesize

      16KB

      MD5

      df68a3ead438ebde588b758932be1336

      SHA1

      c028368d26b3b0008c6e14da87fc928680e11cd2

      SHA256

      09c75d97799ccf3230281b915e749248a18a5c5ac440747d75b7b5c6d6b22904

      SHA512

      be212d0179bfca304b5ed03332fba274cca78f6d59d798a5f02ea8d769ef800a3019d1492648d549f6f2a410059b8be11e8ad123dfd6537835b759a73bff1fdc

      Download Submit

    • memory/2456-1-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2456-12-0x00000000002C0000-0x00000000002C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2456-5-0x0000000000240000-0x000000000024F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2456-4-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2456-3-0x0000000000428000-0x000000000042E000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2456-0-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2456-492-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download