Overview

overview

10

Static

static

3

846c3da855...18.exe

windows7-x64

10

846c3da855...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    846c3da855a22a68edbefdab14fee4f0_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    846c3da855a22a68edbefdab14fee4f0

  • SHA1

    6d304f315f7f9b8c8c032f8b88d0ac2fc2d35925

  • SHA256

    77b4f2852d43e77ddf225771b4ee7733229132ceb8113b494dbe9e851f38b463

  • SHA512

    fae07752a6259c1af45cbd38db42a4fba3622752296e30418f5c4bd76cdb3870e14b22bed3edb5c2bbab9f4096ddc008a887d2b498d7ae1e6fcf25aa8e63f524

  • SSDEEP

    3072:9aji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9kdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\846c3da855a22a68edbefdab14fee4f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\846c3da855a22a68edbefdab14fee4f0_JaffaCakes118.exe"
    1⤵
      PID:1460
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2388

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3f780a5596bc9d1a742d38231b09ac6

      SHA1

      49f84423456f4139577a4b18521f2a8e41e1bbb7

      SHA256

      043fbe01ad8ecd9fae5960e51904baadf38c96f6a8c9c651a5aadb859121711f

      SHA512

      25623000c68b0b0fc477acb95fe3f82f4395237fcb3891331cedd2b78bd53785c5cd18d5243b5a5ebd8085675788b1156a5202bb243c8698376118e4b953b80d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6b2a4d9796d5c1c192c80cf055583cf5

      SHA1

      a6e00511ec9ccd829698280083982b16e764a04c

      SHA256

      c68bdbef113607de14b07fd27373c6625c1498fc55df603a3792a2e6b2b2f966

      SHA512

      5e8693a72afa1549a7d1e49efb0834562d84e57a4a9c54f449821e132c9de4ffb38cc20a334cb04c88f8decb3365591ea55b9bf22f255a0e2ad4f08254a329e4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d2639c72858ec32ca8bcdad4ad7769b1

      SHA1

      947e3449f0ac18b09c67b43f33116ee5d8646108

      SHA256

      2099bedf98b1c378fd8b058bc65079154ba05aba1cfc2076ed14240bad2dfca6

      SHA512

      99bd0f86aed244e7988fe9472f4a1c1fbaccccb2bd200feec0ceb3cd927de5a63e18309c841d576eb6528ac3e6a5aa88d07c662b651cee3f967e5578fc6a295a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e9867e63d0dfbe91b524c6e268134be

      SHA1

      32f4c37519d4aa48c2fc5230337af5eb1145d1cb

      SHA256

      b2a1da28cae7618bfd2d4015231333c8f57f61d86296e96a3fb34cbaebc2179c

      SHA512

      2aeaa04d570bc5dc3283b81b04833d7438fd827bcf84089e0326e92041e0cfa4078ce4452b553fda4075f4b07eb9e1456af26f653d560684e35f563d8acac4d3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cd09351e49b510ea43980e5e49da936e

      SHA1

      b287cf383c4dc809a885b14bb1146f40d28ca10f

      SHA256

      0f19d71e15b41a3ec4616aa263155b68a512c5df9cb8da5318d7591ee55d1d56

      SHA512

      45684b338891a15def892529bca3e7b7a79a4d65b1731246defc6117b630e41f2774ba8d32c6c4ff40d08ed8eb59cfc39086c26f3ab8b549a7fd863917d51377

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6495e97bd2850a6d5368e2434a34ad58

      SHA1

      f27bce408bf2d9a630eb3d3df31901365eff5639

      SHA256

      9440a0475a18c1990637540d6471cb5a5b1ef5de8b596e1b464e2db2dfdc6544

      SHA512

      e52e6cdc0f09fbcaa7bc7fe11e4656b0ef10aa2f76e02a9f74375dccb1f45ec865cf5916470892dcafc0b5d1588cb384ca73f87dca6b72dc253a34c05b37e81e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      24be139cffd15324004dc2941620fd82

      SHA1

      7cfeb5cf90747ef952020c4de28e2606f08fbd9a

      SHA256

      5bf59d76142e8ec60c540ebab4aead4e4e4e31006e326aef8b2eae9be37e6a40

      SHA512

      a28770b3f0291481abcceb9d5ab30cb07d62b9d7eb107e5eb395760fae9a0ee9bc8b27569e9f7058971b22a1056917f50bf199fbb59936f47811e48019da3f17

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      07ebe58abd0a8debdb82be3e7cac9d44

      SHA1

      a3d360be89dc91033c3fd2d456dc567d393d8963

      SHA256

      7108a295147e209d4c74d344417efb2bd376ca3d8d07081b39d74b9c7e0795dc

      SHA512

      e492414c9d1baf482c6ee424be663712d1549c8a34777304794289dbc2ea48abdac697e9877e243e498be8b3bb92f544c2f27d55fac1feb51a67698067fc89f1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8D33.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8D46.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8E36.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1460-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1460-11-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1460-8-0x0000000000440000-0x0000000000442000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1460-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1460-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1460-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1460-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download