Overview

overview

10

Static

static

3

8105f415e3...18.exe

windows7-x64

10

8105f415e3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29-05-2024 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8105f415e3ea34b7eea1b662e4fc8462_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    8105f415e3ea34b7eea1b662e4fc8462

  • SHA1

    ef90ebb95d15c08520b4321680bfb1a7fea2bf68

  • SHA256

    7e929ea577c4497c8281f89ad21539f124ed5a0e7fb176a120a3cb96091c0364

  • SHA512

    4640fbb088efc11e936f7ded5851e9103eb5f881c295891d1869e1982e2219efdf656d2be4c5d020b40ae53dfe332b12fe33a69912a21637d3d1bd26b1e249ee

  • SSDEEP

    49152:4SuE3ztrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3RqPKIOson6Cslny8WR6wOHstehsC7

Score
10/10
gozi3184bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8105f415e3ea34b7eea1b662e4fc8462_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8105f415e3ea34b7eea1b662e4fc8462_JaffaCakes118.exe"
    1⤵
      PID:2380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2176
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:352

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      12bce128b4b1af2b3f518ae2a454159e

      SHA1

      653c60ae2c529fc79739e04642827e6612ce443d

      SHA256

      f17fdcaa14022649588f87b71235392abc19439f6bb8737c740c05fe19d32dfa

      SHA512

      bee69a483f0b8cfce0eca70f1c69075e19f2e07e44607593946c3dbb1af8debc3481c8ff1760cb9e8928bd01e49d5788b7f6ba28d2fda70b34233fa510cafc40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7ca18dca67a57c6006e3923ef398c470

      SHA1

      da666725d01766bb08bff70b5da270c5a73cb9a8

      SHA256

      e64a02a8df59a123f95f54fa98382dd1f52457da446def4ef291278c9d23e163

      SHA512

      832238abfc591c7ffc75bb3a48cb587e87cf9d947892c074b38a0d980f4bc44c84361cfae348fbbad923504f98deccf9daaa53c25b8b691441e9127bc6c9f9d9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      36a92ba516681426998a88d4ae294097

      SHA1

      39ccb307193f3a7994152edef687895c814f95c5

      SHA256

      4b12eff430e52ea3daa3984cc9d28af60d0a9c1fadbeb6112fb06e6cc3b15800

      SHA512

      19ad94d273b649bd901845f85c0aba79d9c459277467c1cc68c8469b94392759371737dfabec2ff49cd41b853baad18628b5a2a25ab7690d6a3b37d4e8138590

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d77df7c0fe48a4e2941de3b211ae704

      SHA1

      43062256c379c79ef5011ad1c5d1409250eb6054

      SHA256

      8178e982ad2bfbfdd68cd1e18623c31d792e7258c5c88c4672706606be6ffffe

      SHA512

      6933e16f91d05b84ba52116566c64da8839ad6eb58840914a0cbf70b9f18014c6f09bad52f7cab493388ec3df06e26492c2ef3fc22a8be02b3126dd562676b41

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      354c095f40f5afd69990be3dd7a6f9c7

      SHA1

      316c175a5b5b131f814bcc7e8e077c00e16f004b

      SHA256

      76c7a5f3a71a55e6b11d6902fffab0eafc7049012fac7699a03510af15833036

      SHA512

      059a0e925552a332b8d3bc955b502c5b539efcb5e9fd9af98af9b59b1e3487a8e33b0a085162932f6a97e825454433472a0720609e4d49a03875d28eb47a0e6e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      04f3e00de957c23bd72805d7d530d0b9

      SHA1

      d40295cd0bc69d7d412613d5b11ac7ff49f2aeb2

      SHA256

      5ea8398a1b456f680f72a5dd1b03ef83316cf354019472608cd5cd77a11c5cb4

      SHA512

      cc699bd27273fa5a873afdc9c9edd3fdaa007e91366639cb4c0b890ea5286e5ec68aafdcba8b6f9ea172199d7650d8ab8955f260c05b28a580c8a049ca3618e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      505aab670d940371c957d30020207fb9

      SHA1

      c0c29577678eab691f01c0b8d4ac4b442e7445ca

      SHA256

      89402e0f5d9ff68c3faf22969aa7e69e0d1d6cbf1e8c1785d66e56c93e7ca572

      SHA512

      dc1aa699c03884793e524484160dca14af8a222d334d2b39ffdc8ba5e86d5e52ab21c9ff9a00ac05e6979e9ee08cd9ed119d470234ef40f3fcea9a5698a0f88e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bd355c8a8a5900228c6c4e4d7a447099

      SHA1

      cd72d52ec9d94377e162467b199f9c1dc2c07e78

      SHA256

      13f8eba664967adfdf6fe544ac0752dff27c8af5f8e450e86ffaf5cc8785938f

      SHA512

      18df36ec106698f275946a721d2a3b821bee96b77f5debde40e7c59c2236d901bdada11924b58a128710c99ef631d3bdcbcdc1ac736ddfa995782128e137d892

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bdf10a4bcb8d122d1201d817354ee5d8

      SHA1

      416cae7805b2a0ed8077a65706249223eed9f59b

      SHA256

      263a52081671436bae4bc624cb75681fb13cc6d14affc5f4f6d39dc82f5237c2

      SHA512

      90c93e00d5d73f9af4ce25ed2d855c9b04468c0f6540ff817aff6806f79eaa390878da7c85fff75654896d0657409440505feb782b515689237c88c291fa6aa6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b69a7be163fd2b9bb3d85fbcde723acb

      SHA1

      69f4b097ebbf55cea6d93d27b8a80424bc7791ee

      SHA256

      420e6b19dc77c5cb4cfc247516e059be1b04b0c1d04c58986e77cf698defb810

      SHA512

      f4c960d68981e11561ffa28e25906e7452b0ce3cd0add24f223f98692f551ea068a0af6ad7b15694514910453db7c20008b294c631c2958cc93c8dd4dcd811e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a99d3b1bec223966668c8614d724ffb

      SHA1

      759e9d7de453e87a9ba4585f0128940fb0a40370

      SHA256

      8782ee36c8af14685d54c240f053d13475cb4b0e31faf67a1bc6b5de766729b9

      SHA512

      fc31cdd3249f0273bffb967efbbc39cff4c32b06e992efd1cdb095d15f3c9584adfe3527989e43697b6d2525f4f91827f2dc690dcd3faf3ecb9b07c3e970f9e7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCBBB.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCC3A.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCC5E.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF3EE77C5E085DE8CB.TMP
      Filesize

      16KB

      MD5

      9be35334e938a12db196491e3bd7bfc5

      SHA1

      9f1c24689bc165f1a48a3af629ab95c47532fe7a

      SHA256

      4794b8c85b290f23119d86dcf1948b412f809986725e29d1055b48338bddd976

      SHA512

      81f0fb3e8828c83dc24b5ce5d813584a30b875891effd578904481351fa1b8acc3486beefc4128945180841e40e83a88957e0c8f93135c8698408d08b36616fc

      Download Submit

    • memory/2380-0-0x0000000000400000-0x00000000005E8000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2380-17-0x0000000000400000-0x00000000005E8000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2380-8-0x0000000000340000-0x0000000000342000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2380-5-0x0000000000310000-0x000000000032B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2380-3-0x000000000058F000-0x0000000000594000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2380-4-0x0000000000400000-0x00000000005E8000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2380-1-0x0000000000400000-0x00000000005E8000-memory.dmp

      Filesize

      1.9MB

      Download