Overview

overview

10

Static

static

3

7ea90e877f...18.exe

windows7-x64

10

7ea90e877f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-05-2024 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ea90e877f1187b11920128d6a3a1574_JaffaCakes118.exe

  • Size

    410KB

  • MD5

    7ea90e877f1187b11920128d6a3a1574

  • SHA1

    44e3dbe0b747c760c8623e3f143a7eb3bf76c972

  • SHA256

    e47a25808624969f88cbafc9de3d49b3fd41b616fb28fe3a1e344341d4777671

  • SHA512

    c527afc070058e4333ec819831ccfd44e4e46f3c72070074117afe51ffdf7144f544ad37d07a166be49131bb81e5eed1af6b7de2ea41ea745d2f3f0cb0cdaa47

  • SSDEEP

    6144:O3lYafWLlGXxnrgsVA6WetdjDUDSNuLBRxFqD89ciXRGk8xKsR5F03SkoRHT:OeGXh/AReLnuvxUDqmVR4ikoRHT

Score
10/10
gozi3179bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3179

C2

pyilgdamion.city

k13zraphael.city

xyawnat.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ea90e877f1187b11920128d6a3a1574_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7ea90e877f1187b11920128d6a3a1574_JaffaCakes118.exe"
    1⤵
      PID:1964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1176

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      1deacf0be34e9094c3b4085ff2cdca5d

      SHA1

      177e21e70675c0d6d754fb18949fc3fcab118900

      SHA256

      08acf510175f15cc94f833c510f1a23d3010e6475bc41986bc80b6ad275f3359

      SHA512

      711e41f808fdc5b64e960bb573ef8e2c3ac8f829771d46c9e9b60a37e99d66e18910cbac008facf4be0533b5b506dc4bd31e2153de0a56dfd7ad0d03ed412e65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      a06e9a8a7a9b287762938d90bc19c34f

      SHA1

      4c4b5c8a13e60ac240fa4634b5cfd239681a9623

      SHA256

      c3d996b486c639bdd4a26e875b6681379630d4b69f4edbba7ca36667120cd129

      SHA512

      1ab3947e5fb01336b18e470f089b432a37254ffa05f3918a4eec8cb9fff7cd46c32c3b18d75365372f71eefea52848d6d462ef70220e9a6b160bd9deac882192

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      dd964e1ca153e5114502152e749ee2cb

      SHA1

      b9109f590933c547482a408e116b0827dc1b75e9

      SHA256

      064bb8d0140ada187c03ec80953518d8bf4edcdf0db87eb6b58815ab5076ddae

      SHA512

      62d16a8500c23e4d02d78a23dc53288813cc538f89a470d8e72ce0d8db062dd979817bf55b2b4b8463fb432b12499c003d3de0de962a1c4c7efcc6302b23618f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      0c332b9cce7db99310ddefa378371b0c

      SHA1

      4bb3e887279b5c65c4809a71bc8f75cef3da0f6c

      SHA256

      ad982dcbf7de34fbc1cceb0eca0422d31ef602613784c5ab8624b680785bbaa2

      SHA512

      e75947cfc5c886d27245f95f12908c5252132bb7f8bd73cf9b930d7d009dea2c9e940ba6650a5c93c471c4d8278be77f49c3cb1c6b003f96e95e65cd7243250e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      7b561b985240cfcdd9240bb86cd5fc15

      SHA1

      bf51cf20f2b9276be87179c2edafa55d206859f1

      SHA256

      21ed9b32506b1f4e1c4f818a09634fbdf5fa3b1cf128fb0cb5b82edf05804817

      SHA512

      32b4a70322c7807e6b63d3309c9d2842405453abd92a534fd1269c91c150b6d5c57e516578a046de5411fa741e04d660fe6018e320365ab6364e440e67a3d19d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      9a3dd4286806012cfa1724e9c8525fcd

      SHA1

      f719ede954f2e0c6dafecceba8570d20a380b346

      SHA256

      3cf34b10b15b547c3d2d5732e2d5fc6b6a0e8c14ea08ba41d699d11f1ed9e136

      SHA512

      1c4f740507e1440d010460d9c72e2518a1bcef2106e649c48a082e179dd00da872c2e241aae97e8c9e52378033b9608b06dbe8d41a9e53acd5f8925db69f8efe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      e8c0e19dc313455ad52286be7e3ebe47

      SHA1

      65e0f6e24da39b76495f3e161865199e811b4cde

      SHA256

      43246841b5005228311ebf0b03738fb2bb763cfaffa0ace1fb2c69e18c773240

      SHA512

      b857b26013f44aaea290b72d1b4c2d1eaf70a8203aa5e02e36e098716500d6e8613b4f028ccda0a6ebb09eaa63b4d773e49720da1b703d1dba3d335ad22723b6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      d1e991a5f89c47192de4381e61659c20

      SHA1

      42e887aa852680516818378710e133406ef1e168

      SHA256

      0f56d726baebb523ced6ac117a2da9e8bd7331c499cb4b00e4444dbed9971be3

      SHA512

      c1c90dfbaa76a1ce0d3e40f5ead834e7f713cb1ad047138bb1fd3352ef3f078581703c8b09a5beb955c7062d123bb7322239972738b087db427fed8ba3e94d3c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab930D.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar93F0.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF57B27AE9C5BD015E.TMP
      Filesize

      16KB

      MD5

      ff89d29001240e6a55680cf0c3a84bd3

      SHA1

      56347bddd3a49dad4006769ff5fc62b690bdd3ba

      SHA256

      dffd905b1079a4f76fa308b6ff3405e694e163a0971fdb702ac718f769194c08

      SHA512

      7439370e14d436604c32512a40cee1a5e2fd4ff3e0f0048954681b9e53ee0e233af8ad9569e62dc423d8d80f2457fe2d64ebeee87ec900fb1c8d22dddc29c6cc

      Download Submit

    • memory/1964-1-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-0-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1964-6-0x00000000002F0000-0x00000000002F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1964-2-0x00000000002C0000-0x00000000002DB000-memory.dmp

      Filesize

      108KB

      Download