Overview

overview

10

Static

static

3

808615a64e...18.exe

windows7-x64

10

808615a64e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-05-2024 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    808615a64ee4bf4cdb4d9d34eb29b0ef_JaffaCakes118.exe

  • Size

    547KB

  • MD5

    808615a64ee4bf4cdb4d9d34eb29b0ef

  • SHA1

    f9bba8e3c949b29a16825547c67f7e77f346dcf5

  • SHA256

    b8372f8b7dc2f7b249fcdd8fd59e8f3e8fd719c581dfe1940a79918b06c6cf74

  • SHA512

    28beeec7fb1664c150a56f9935ae444bbed00f0aadc4bd4d575e322c5fbff9df458d7dc182705a20c1435209818103842cc0620e855889fb7b1eedbb7531c01a

  • SSDEEP

    6144:uVJt7IsATy65KJZnF/gYdpOLwgF/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpm37tKO6asJIgJt

Score
10/10
gozi3187bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3187

C2

qrodericky94.company

g77yelsao.company

tromainevirginia.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\808615a64ee4bf4cdb4d9d34eb29b0ef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\808615a64ee4bf4cdb4d9d34eb29b0ef_JaffaCakes118.exe"
    1⤵
      PID:1632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1988
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1928
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1440
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1744

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a992c91c682622ba337e3e020c411956

      SHA1

      190a21722918268e132d6baa8c928bdf9b5edd1e

      SHA256

      a2fa8393afdd4035d2da0b4a86376df1872e3bb332472812e2bdeb5da458c593

      SHA512

      fa79ebcbdf36fdc5c734a3edba106b3a3dfcfb50f7210729d16be1484b7d1f5b6a7f368bd8af896959cb3c98251a194d9702cb66603d5d74d09d1a882998757e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f27fbb983f5c8736c396767b369fc44a

      SHA1

      ad9e48de4d0c6018d99424e4abdf20acfdeca55a

      SHA256

      782e424b5d9823e7591ce8d7b56bbc57c5457c8dc18eada9948150858e9d04c8

      SHA512

      b5568970d211ec2f6f06df103b179a0f7263b06958a59bcae8f7d0218bc2b4b0486a623641f9c08a100bce8fe3224c3759d468c063f5ce927cf00a77754ab583

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd0b07a3dd9ac1c3b172a74aa7c1567e

      SHA1

      da1aa14d54ac30d63585eecbb1cdfb55306c582d

      SHA256

      f0eb495b9e78ebb549fe8384ff72939d9747f810dece833feebcd0ee6c2805cb

      SHA512

      d2dfc2948eaa201dfeb59b330661c272377fe77fab47d43329048f09be264a2a8f4bb9054b15a584dfae0e4d9abefbb09a7a13a9cc2c9ace3919e9735df42195

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      62cc0c36b1fe7a981cfc9c0898759fd9

      SHA1

      f8042c6e4a0363744a389fa54b1817cf7f5dfae7

      SHA256

      fada1762a6d600e3dcf1b96db1daf60c128c002fca2e9e0f99131a17bfdf254e

      SHA512

      92557ca191c3267315b73ca02e322e882819d7dc198a7f908df1be394b97403d41c2ff29576abcb33172095f4aedc02d504ea555d10a5251fdc4357fec7257db

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      125ae38d4ae16bc225f0a87f4d5ae209

      SHA1

      e73d3da9308d2299522e29f6d871b924332ccc4d

      SHA256

      7b431bbe77ade276af6567da4e3241a043cc0d5cc7394528689639a116e9975d

      SHA512

      c089f4e9752175ed3aab62e68d690240191767032bd6181e7ef417163cb2f9a4696346ed720b9413e821d36a09c8604d5f830c421358fd3c0017b084200bbec2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c2c7cf6e29c1202a7c51a19ecf73bd19

      SHA1

      e2f1fbf68f3588e36afca3b3c5bb323f4317a8d0

      SHA256

      88b8c37e8473c6434d7210c9a9f759b9679b781358ca4aa6b47bbe07f350d963

      SHA512

      fc101dcd0ff31bdf7a33c3bc673b439174ce047b14020b4d4f2d59e1c89e0190b24f6128ab3fa74c46d80db036f60c87765fa1982a5df0af804b9c786d7e62c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8a20e25f3a66679960cf14ce039576f9

      SHA1

      feb920e6de94b19a64deecb96047cccedf587559

      SHA256

      adfd0e17497316442e090764a4751b6662ddf702c30460f2d85e40bb57a1eab0

      SHA512

      f7691c00862c87905baf1782f70b536ec5ea792ab30f0a3087382db014f4134c6dbe161c4862f3834fc28ae8192fce9a9c678c19171667d68072a629403686ad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      00ecf14f383dfab85a26e1e0bf30d0b3

      SHA1

      5abe6eb2b608dc41df6eed0192608498a69c01eb

      SHA256

      7cfc41a573ebd92e2f2065f453952f77cda9f8e2dce9d0a0b3642f96b45b53e6

      SHA512

      c6bad1cc49870f1d396c2073bf77846d95347f8657c0be98504a78cb514f10c4e7ef04922e1903ba1e5738c918a03a4acb37aaa2b2232611604a04f0ed69878e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c7fdc1b6087783b0b5f424c933b18768

      SHA1

      bd6d3b55e3ade57a58734dd1e9f76b9eb7df40c0

      SHA256

      a2c872ec4539e64e330e77f75dfe9a98125e610c94653ef5a454f24369bc6cfc

      SHA512

      31b7c42c54557b49e3232d50f5cc4f53ceab7cd655c60020a232165da92ce884e586ba60b94d30f48052fd23b1d127a2abc07ffb548cc6b492211c0a9f7c95cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8F19.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8FFA.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF56762E4750DD7B99.TMP
      Filesize

      16KB

      MD5

      1e35ca5f684e1f1c5b85f043a0c02150

      SHA1

      a572501b4fd40c3ea3112e606c6b6638e7af6a67

      SHA256

      4d80c9f56fb0bfdb44dbd5b299303cb2c4bbe4c9e675d9a71c8025cdbb9f1a00

      SHA512

      b2091b149fd41ad0dde5d6ebf366db374a6d8c72b84a04bea3d0cf6852ea24f73439a06af469ae8c998239450533a1821020fccdbe1c0cddfb690f21d2d93ce4

      Download Submit

    • memory/1632-6-0x0000000000200000-0x0000000000202000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1632-2-0x00000000001C0000-0x00000000001DB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1632-0-0x00000000013D0000-0x000000000146E000-memory.dmp

      Filesize

      632KB

      Download

    • memory/1632-1-0x0000000000190000-0x0000000000191000-memory.dmp

      Filesize

      4KB

      Download