Overview

overview

10

Static

static

3

8285061924...18.exe

windows7-x64

10

8285061924...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8285061924caa5069b4446c9cd88fb18_JaffaCakes118.exe

  • Size

    197KB

  • MD5

    8285061924caa5069b4446c9cd88fb18

  • SHA1

    57a7e917790f7a8b0dc33e086d2798207a36eb4d

  • SHA256

    fee861635aaee3e2e274c9d5d8ffa0af6b01d2a06f44d1bf7333f58a91add1c5

  • SHA512

    a64a6b41d88ea01bf58502f05d9eaee515446fc8e51ea9ba3ed12f479d509446b1d4aa9fc3542de30d37ee19bbd7adaa1130ea250bfdb73d8c0b31cd93182f7e

  • SSDEEP

    3072:/WDdCZn+MHTptyZ1+5Ck15lxYY54Fp3QT2kZz2yDj0EQ8x7xSJM7UmA0ox6:/WkdVlS1oCPY5+QT2kx5HlS27Umg

Score
10/10
gozi3135bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8285061924caa5069b4446c9cd88fb18_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8285061924caa5069b4446c9cd88fb18_JaffaCakes118.exe"
    1⤵
      PID:2192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2800
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1012 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2992
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2388
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1984

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab8d1c2ef96aad6943d3ee40c003d552

      SHA1

      4c0dcc9cb34ed5c1af7f00f12b29cddfb191f648

      SHA256

      a137d334b9bf1959f641043244171facfdc3ce0e17f4c6ad977702633dd91c24

      SHA512

      011603d9cf3c02552a81817a7dc6d28ff1e94bf99b75b346e038c4c65b7ff229575ed85573bfa37496e41cfcba0d32364bd925486c491d4e34f84cae9e5ac6e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fb0f2ee4600cfa66eedbabf87d08cbdb

      SHA1

      308f27b1de4ea426a687293d1ff5f840c4f4fc9e

      SHA256

      3af85bf51f78b400789a2c083c028a457fef5ab69a36cb091065dbdd86aa6abb

      SHA512

      e33f6ac3d75e8d285c3764ee744a65243a4102eed7ed711530e2f906df4f134a5d2efb4c357efbfe47e1cf7d2418bf6c016f0cd5e38a7937d2158da793551dd6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f42ee9f9bf32e4cbf750a7d34f009151

      SHA1

      da664ea335a1f710d3174f979a1f42c99df896c2

      SHA256

      553b2c01da4a0d92b36a26af75de77beb53f0cb9882175ad4358d71ad3928838

      SHA512

      aff5233e309d99b2039a6acffafed0e4820ada133ac94eb04892b06684880bd927de73dff80ef31947b76baeade347920c68c5fc109a009f2485e6137426d317

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8e833f4d834999f4be6830adbcd53cc1

      SHA1

      a2d0f7e3f602ab3322e132c704d176e5b267478d

      SHA256

      a9a65f2cce4e669c1def97fd08b39e7e01608c0b042d9bd0f09c5a633a37dfb5

      SHA512

      ca05c2b17ab49c101b9bbfb235ef4d307126c3365ef05a582a8683477f2b6f3d7d23efbb09aae845964f9b03eb223a3f084bb845dc9b9985c42f170e57b8f134

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c214dd4fa0e7a3b6ce485431e970893c

      SHA1

      a5fc1717d1df42dfeaca6e67334e2154399acde3

      SHA256

      86646e713af8d69344d9e08326cc4acdb5f445162f72cb88f048da5aafae33fe

      SHA512

      53a3ff649d318739518c5c3791921e350f6ba356ad93fd0df985e689d2fedb9d6ecb9859fca4cef7caaaa503b6e429f7092a14f69124871d8c44532fedd9675c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      978a1ecd9060074996e969c089c5017a

      SHA1

      f4b356facf97cb8952317f8cea61453ae566773d

      SHA256

      7c3b92bbb81fcdbb7e6982f48ce879a75c89b5800dfc1212f89c1a1a140f35eb

      SHA512

      3d5aeeeb8066aaa2f99ea9048cfb763c614ab895f8813f3a23f6938ca90ac20a0b0094ffe6db573359ccd3790969f7d73ba34fd08e318bcd5fc7cf3da07da958

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4fa1ca39a185cb7cba8d6ab05da4a25

      SHA1

      0dbc548b39108622919cba75dfbbe4acfba4cde5

      SHA256

      7898876dd58e18cc365cbd50e3e9d71dcfe951a045edc10982f298a4743d3392

      SHA512

      ea5a06fea54cb4c9fdf632ef1f126f673103ad9c94025bc8e7612e301385043885e22e39a87cd016b190eea4c4dd3f0d8d4fe967c0b2811264f9f44831541d6f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdf1451d9abe6d2c87c344543c7e53b3

      SHA1

      64071e9689adb3ed3bf6f4da64e235044ea05a9b

      SHA256

      e7cd7b0e87c31ba2251bb9e9af45205d94741fa590ff385da91d6bcc303519b0

      SHA512

      915808d200e17ddcf8ed5ea0d0be4f2651574d6d56bfc2063edf318950147d18d54a7789d14c44df96e130793f54c96e95cf9327044a258d3f2152d9d7dec2f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e0b3dcf7993d19067f8d879f3870e31

      SHA1

      ad7edc54218b2f004f67d0ebbbf58a02eb17ed56

      SHA256

      ce7c7d21c6fa96271dda5d539882661efd60c3cfc83ce6497035839652c1f6f1

      SHA512

      c968eec69b3770c1793242ce576be627efa8e98b4289e20fa35a62bc68c184c8c64da56bfe80f3ae22fac8b43b3082cd9d1b9a7ca7a9e87dc1158706889b6f93

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA42E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA510.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFFA863A6627997753.TMP
      Filesize

      16KB

      MD5

      91bda103e41e59fc009db0fd6d11a86b

      SHA1

      6dbf5ca63d2d76c240b40d786f47daaff86295b6

      SHA256

      dd7f9b6274cf56db2f562cbf02957126be3ebde0f5ca2e6b0fbc05403347790b

      SHA512

      89a5fb80050abbdcf1b0652993f954253789bd106c8e83b330d6a82d8dcaaa0d1d38314fcf9534cf5b361d7bff56ab87801ec18464c14619cfe6a507dfbb0841

      Download Submit

    • memory/2192-6-0x0000000000330000-0x0000000000332000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2192-3-0x00000000002F0000-0x000000000030B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2192-0-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2192-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download