Overview

overview

10

Static

static

3

856ae68eba...18.exe

windows7-x64

10

856ae68eba...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    856ae68eba7a1eeed2fd32f46a1727a3_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    856ae68eba7a1eeed2fd32f46a1727a3

  • SHA1

    aa4f48c21c3b2ace94c89ebdba0023796bec7368

  • SHA256

    b74c435944f5820de51e5bb43828b186f54e956144ca5bc41f6685652b8cb16b

  • SHA512

    7429052dd0a4b7119afaa1d8f2402edba790bc8fa452b00f6d931ec5492c4bac65c80422f3bd07cc12414fa177486342c2026fedbe3089a49c735456cf7b51fe

  • SSDEEP

    3072:9Bji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:91dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\856ae68eba7a1eeed2fd32f46a1727a3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\856ae68eba7a1eeed2fd32f46a1727a3_JaffaCakes118.exe"
    1⤵
      PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2420
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2456

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aaeeae6055ca62735ff77e07ef1b9de4

      SHA1

      3236871cce4a49f2d9f6cd603ef649ce349a9f96

      SHA256

      9e15daa93b798ba3cfa12a5c0ac30c78bc6d8c9c38f7cc44c69a41da709f0378

      SHA512

      814a23336307b4cbcdf91494fa7b2bb0b16c1e23835edba5fd15e39c04c4f219147870f23ac2b1ba9583e9d052e02175934e3d6f9697f9232713125b7edf5e1a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c26d655e9038fb1229311f9f46fa8960

      SHA1

      2640115738fdc4dd954da996512f4650990f9a11

      SHA256

      6ca944e29a29055fd16fa55c80335f44e35d36f7c3df8f7e722f15ffa6a3544b

      SHA512

      6203a6b2bd04dc178512c70453668036930c240af3b1cd0ba8edb3c83729371e5ea3c49dc67b807f949acd25fa68ceb232d5051a5f5fb4eccf18bcb91d0486c1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7acacc8adadeed9b88d7f52db8f7a20

      SHA1

      c7310c830c5593209f9b0f137cd25b95e221d1f4

      SHA256

      99c7bbcd63dd972cc697a2283f1ca7e3e7581dca8f6a6e0e962bb1714fd881b0

      SHA512

      a18e0ed236167f1dc075ca596df6e666e3ee8a419737da9e0aaeb8967737478409f05c7b28a783a97d2ccdb9d89b5fb782cde78a92c2a1af1e009daa6a2c7f3c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      952407f3444d19a7191318cea8eec381

      SHA1

      106c18786dfbd8958ece18b3a65ba58f42585d77

      SHA256

      35089d78239c6a81c0cea046430a8ff29bc0aa914ccb3aba7efe17168176cbdc

      SHA512

      03d554dff1d54fe911482c54fd3ce6a713ba578dc869eab1fac0bf9aa9feb4dadd829f49efa274b7b0871dff6dc74d5dce3314ab17fdeb35c2887c035ec9ba8b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b2110c06d31a3251e84c80309067acc

      SHA1

      103fd07923eb4825792ba892488a3f20fcfac805

      SHA256

      726ee2100773fc4c02c91500e4cc0727a7b0c75323dae322bcedb7340298ad50

      SHA512

      100ec39ecfb229a647cd47c19baa8f7d4167d1746f6298bf5b1c5577b12cb9d750c03977e9a913cc04d38925d40c9246f00cb7efb36af530c28b293678481f22

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b5adb721e51eb2613403b82ca7741ec8

      SHA1

      620e0e81a6184ae6e234a3f7b856adadf792c160

      SHA256

      a065a055da0b084109ea2deb99783c5b2b43e75237763d67d1732fd31796da40

      SHA512

      aa2183375f65e3ac916bdd5839fb99bbb3bca692b4417cf7da62da48353dbd7aa3a8c151a6381bc78045468c06524e73949b36f6e30268753c5f88b4e83058aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5cf3482a189c65f891cfed85962c318c

      SHA1

      ac6048b64b59c1d2341a24494897f7ba249d019c

      SHA256

      d83d05251720829e0a8ecbc21888c37450946a93377232288e8d1ff2af48bb60

      SHA512

      881afd959aa8a959ca15b2c3d0c64b5798181427359a793c47825e1d553015af4871364dff275c3378e7d90f28bc29a2b097d2dd193db2869670b52d3f85929f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b7689ea8ac4ffaed0e7465f5a8f66709

      SHA1

      494c5e592c194d6a24b74f24f0a09e0fcad0c751

      SHA256

      df4cc6b710a2f9cdabb9a0a790e61b26fab621aa7d6720180f0aa4bb0f80f247

      SHA512

      419b2aecef824cac2adc0cfbff4145149551ed2dd2558f5e567742c86ad576a0987460f710c157c473d8db58d53337868febd292b23f8cb2c4c25af556cc56f7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4b72a9146912322798b5de015158b95f

      SHA1

      442a8fddef6cc670733a2f2acdb55e6a1d8f90ed

      SHA256

      821a7548423121e7ccb20013ced2c65b161ccd3464656ec387d398bfa09044c2

      SHA512

      3936ae4de138e8d4469c8a7df81fe267cf22265e561b78f7643a6f13674ff213631a07c0879ed4532532a8f4cc3923111966e66088c21c451b2cc5abb0a979e6

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8547.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar862B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2188-11-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2188-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2188-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2188-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-8-0x00000000003E0000-0x00000000003E2000-memory.dmp
      Filesize

      8KB

      Download