Overview

overview

10

Static

static

1

81e01aceb4...18.exe

windows7-x64

10

81e01aceb4...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    29-05-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81e01aceb4714cae6a95a8308749b1fc_JaffaCakes118.exe

  • Size

    619KB

  • MD5

    81e01aceb4714cae6a95a8308749b1fc

  • SHA1

    62f1099cd937aa7f15fea262694e8a43a7f8b798

  • SHA256

    a6b6bf5d8f38446e086c8ec207cfbac2cca6de961a748e6cd72b0d6a40cd538a

  • SHA512

    6f9517707a7fc96876dd7d828fe560fda3fd5b6677b9e0a95d40d479c3dd35998e34922ff18143e607319625359fae093f7e51be31378920bd2a5bf1f8149cab

  • SSDEEP

    6144:ZFApUH6tEtEtEtEtEtEtEtEtEtEtzeMnMrvwgLdbxAfYAK7zf:2eeeeeeeeeezqrxLYfY9z

Score
10/10
gozi90020242bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300900

Extracted

Family

gozi

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build

    300900

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81e01aceb4714cae6a95a8308749b1fc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81e01aceb4714cae6a95a8308749b1fc_JaffaCakes118.exe"
    1⤵
      PID:2844
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2692
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:744 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2852
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1620
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:300 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:340
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2752

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      29e837112be85645eb8c9cec2375a7af

      SHA1

      fb77cca5d41d9ca0357c756081c5afbe6d25597c

      SHA256

      ca45fd47dfd18e233882eb6317f8b88d52b53529b66081efe6f565049b062b02

      SHA512

      77df52b9a608cedba64cbe6601d96609d5b43ea081ff656edb080561d23b70fe6a91eb2bc25ea74807bb3992948901181afbb2529975cd5011d1e46924dfc99d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f609e662039326b67e7caf0640b429a2

      SHA1

      79e870a1adf4fa32f29d1d0ab72d92b47f935242

      SHA256

      dbbd86ba996d2db096874684eb589988af5b9197047fd9e40e05c15e5d79e048

      SHA512

      9f047afd7163ecc64d6c550654f0ab8d82a1d47da7e10afd98a0421ae5ad749ea89ee595f8bec4058d5837de3b7ed4d5f5ed9051a35957e88b133cdfd8c6b07e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aa5fc6b1d9cb8059d25fe0c5c30aff55

      SHA1

      9ef438d62731886eef21be54ecf82062f2f33687

      SHA256

      8517083d4fef7c98bee030a93fae97c75318a4dc5ea8ba1f438044c36f8dcc77

      SHA512

      3107669856cc732530bd41c8788fff5b8abcec5c82349a0f06e671e88ce36ef2c166f4971c7c4b945db4b5d57ff48c39a9a11f4e2074249c400448bab0f255f3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      68e6f4fc3f097d039ac04e46bd76d134

      SHA1

      9540f209a16a690a2de1c2300a59d54b433752fb

      SHA256

      f605997479522706f04bc11bb248ed0052a28e9d0cc4fb739248005d454385f4

      SHA512

      c950babfed91fef3b9a4266f00d88f4752032c68b4a07fa9b32bdc397477b493b0716ac2f2e6db7150e47249865316857cae652d10dfb0b996362258fe48c556

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3691f3d34fbadb0b71e86ffdec5dc59a

      SHA1

      8f29cac5c4d29fb8f062276a9843d747fe74be76

      SHA256

      275ebcb48317d4e8e415fe7f1bfe3187ae30c95c2a4ef86a63f06e7570d91863

      SHA512

      004b5b7b162b9b7593f5fc1cdacb02ceda038245b75570ba8f8f03ec637d3ee8aae8dd92757dfdfe432afc8b93a1f2427209c134c8b1f77ea07a1734e6e2462c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      73ad32bed61aef6c50bf9b48799951cc

      SHA1

      e2b4880c39f6fdb23120d6a3750e38de1f6ffc55

      SHA256

      36479091ef0785ee0f0ac92c9b417405d35b521fc6755d86aaa1d3ea4d319a27

      SHA512

      08ff95609035ae7e833c3c165fa61518ddd6462735c2389e0979724b15317ea0b12b19c79559686ec4c4c9769e889090dbfdb14e86c535429fc3dfbf2303f847

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1cf6909b196fea66339ced079ffbf4b6

      SHA1

      e62e5fa1e55f9f832b9f1210a4c82a3aa02a740a

      SHA256

      3029830d5942488f7ddaf5c041437b5345990ba9e0515eae29726d63979c8862

      SHA512

      dfd4c9f15f187505c289f3dd331e5e6fe60cd246da1b6452c7b133ae06dc8d2d2149c6db25f7dbcf6a1aaf8de7c0638b467cf9a92f61a717ba523cc85c216996

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e6065c6f88f3453628f6be945eaa364f

      SHA1

      af29d163c6580beba1fa19f08a6008d05a687529

      SHA256

      d69b5e6114bfc092f7ffda0d222898b8a6512810d8133a3f352df12de391eecc

      SHA512

      4f42aad01ba7e89a7ae9fce8bf1180279e5baa4de30fb6eb21efee3a812d65cc911bb03d797019e8cdd0c9b0e7e72179183e6f336d0ae02b7c0ec90cca709ba1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      686f69edaea3f7310e811e49e838668a

      SHA1

      22729b37fc1575f64fc876febf482f89617af2a8

      SHA256

      0504de1d91aaf810f6736f6cc6644c4d7d89c7f874da038dcd2583a0785b8cce

      SHA512

      2e695ecaa64b80ec3c617b3d4c94b3ab5f555a1ab3578cf03ff7ebefee173f03a0e99658723e4edb772eebb15fe856ad0cca99b6afb3e275b79e4f26317c835e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      54fd600f5373370c5e10073f88d82e03

      SHA1

      770227b0e4167832f15b3947a49c219514c2946b

      SHA256

      2f0fc70c2ca6ab880d73edd90a65ec0975fc0e65b52972f54fcce6c6f4f0d6d1

      SHA512

      252523b7f070c2c91955aca516e86d68e7f8d91859eaa9b46812b50f2985ef3a654be2dde32fee01e811872cbe19d493f00fed2cdd61bc967c944b5fc93cd58e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e68b77797bda4f1d334109682d9502ba

      SHA1

      a4fc751563498c143930108f86d61107a502c3aa

      SHA256

      bc19eb69ed4771a5018e855895c764248d35a5f68ea61b2e9b86a17b62b0f6a7

      SHA512

      c3f4ba79ddd23a9385222c66a15abe3c7d6000b99913fdb81b98bd2601ae40d4d289ce94d819c26ef1f0bdc67150b52cd26de4db03466dfe7e681ea2ecce6af7

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab6E10.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab6ECF.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar6EF3.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF0CB9FC00888B09FC.TMP
      Filesize

      16KB

      MD5

      e9d3602d09a7f325b090b66d006477a0

      SHA1

      b7aa691affe064c048567100ea05175a7e45529a

      SHA256

      7dc37f83bf384692a4d98d2294313e2b1cde8b5ee91633385a54c2f35ef975bc

      SHA512

      7ac2907b1eb32bfea31308c571bbd08c7defdbd80fbcb37e8b31430ddd1831c0d8b62873e6dd8d5f5ac4063eb9c7b123b186dda44cf7201e3507d604f3d80b71

      Download Submit
    • memory/2844-2-0x0000000000280000-0x0000000000296000-memory.dmp
      Filesize

      88KB

      Download
    • memory/2844-1-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/2844-0-0x0000000000220000-0x0000000000248000-memory.dmp
      Filesize

      160KB

      Download
    • memory/2844-491-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/2844-8-0x0000000000300000-0x0000000000302000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2844-9-0x0000000000400000-0x000000000049B000-memory.dmp
      Filesize

      620KB

      Download