Overview

overview

10

Static

static

3

8a68dd8eb1...18.exe

windows7-x64

10

8a68dd8eb1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2024 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a68dd8eb11a12832249d08e81a7a3ab_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    8a68dd8eb11a12832249d08e81a7a3ab

  • SHA1

    9e9b06d53307c11396d153eae326cd57712ec837

  • SHA256

    91c2c546949c57936f7b4f668d0fea27cb14813a2fbd6b8df4a028f389ea20e3

  • SHA512

    941161b79299d0146e92d8bd4c0a99f993262f9a931e7844a40110be0cd6d80067f94908305f00bdf52409693e445ee48ec85f7745d532c1c17c925b179e6117

  • SSDEEP

    3072:9Sji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9cdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a68dd8eb11a12832249d08e81a7a3ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8a68dd8eb11a12832249d08e81a7a3ab_JaffaCakes118.exe"
    1⤵
      PID:1716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2844

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d66cc632cfd7a428d1a2e3dcfdf9b0df

      SHA1

      159929a731a7697c3c8b26c3a5d70dd72a9355c1

      SHA256

      f9229e8b4736874525fde81156f7f57d353b3ab3f8b9f095bd00bcff70ec06bf

      SHA512

      4534432e88dfe9c5cf6001be63dc59e8b7ccbbe9c042a7aa384cc10e339a8d7bdfac446a53638bf6e4f41dbed1612ab9642d44acced2032dee7397789bd00d76

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6308a1b206fbc24d54a4012d69c75c66

      SHA1

      3dc2ab43f14e2463dacb2985428d9f00c184e72a

      SHA256

      19d57fb29ec30526a78f78c603eb43256ad0224ffaad8d39ccebcb636c7f2312

      SHA512

      ec81acae266ce705cf0ba158c054d5ef16a92ac28f061d2538f51ef67d92a3a0537e821fa84b777bd48b966ad37b9c9498e84a5ff289576e2c1458f00765f5d3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1280dfd16a3f387b419a8af23e201ff7

      SHA1

      6f51a91784279d6ad2a298b359fa80ec23bb9e5e

      SHA256

      9d5322900b5e3c9db58cef2cbe5223001f2c80d133bf3b7be511e3f26188a724

      SHA512

      86e7b9721686408e8c975476d16830232af86fc55db24db15ae16070f4e3f2bf2f09fc7a9470f7901b5c68eb2aa6dad8c354fe5c4d1ee4e45bf8858e6d1ad977

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      77cb32ce9b0d10c89c7419c40df65a98

      SHA1

      beb65487e35737fd2e70ec9319ba9a4336203c77

      SHA256

      59501faf1678d9d33689ff784ddcc15daf08980e0b9911e0d762ad11e42edfa7

      SHA512

      ac47753d4a1071665d2f06241aff5ba8cf1789c30f252902aa1feef68106caf87d1089142739377f38eb97485ad3338c446fae15270946c6313e03a86b5da543

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c3d40aaed87b2d209d74800f77de61d2

      SHA1

      1753531f34cc562625e82d934eaccaad09187735

      SHA256

      b6630ccad0dcaaebe6dec6a49ee333c7bb50b7321ed793d2c7338c7a85d7b3b1

      SHA512

      9ad25abf84e1720327f52f105f368185306b1d32dcd85fca475e36b6390dc88afc0b9005524d09c8fd2325816c44786cb2eb5d7b5bf4c99320e8dddf3e471b7d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d89142c3827039b03a3adf1b2992c83

      SHA1

      ca801264a0f275332efaada069f2ee9cd3cfcffa

      SHA256

      df880ad31ad6ad0620aeb8ff491aa4b45017845efa612be957ff5ce1fecabc87

      SHA512

      13fe848c7cba7c35a5c4702b4852843e70af8d909ab4439c0253cf7b89b4d0471080f8add86b405e18f0ba12be0388e73ebc90701016c87a40de328b5c41de86

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a6ba2a2173057b2d458fffb5a00628e

      SHA1

      85425694a75815a87af5bc59f61e7af5a52f07ff

      SHA256

      d53af549686adbccbed65c8a0c6f0719569873dde0630c647cceb5bce0c20893

      SHA512

      13d537721046f18597e4d5cf5e914022a0b60e4ef49ed50ba81a17081afe1ad4c63edf097d3e3875232175675da4f2274e3cb8af4e049e67b74b19f5edfe33cf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1daa1a19eaf176238be6a88241ab11c

      SHA1

      28f97ed73e9265d66c624790ae836e5da5193306

      SHA256

      7a208d069f5226215356a8eeccd88d19e3850f0ff9d8dccb8cc508749f09503d

      SHA512

      e7d3f918c87386001fe61390b664412cf297dc5e2749b8f246992f055f2455d7b763160b09a61ebf6ae20437bb9e61d66c7eb3419a4af1efe2a0837456484ac3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4f2c2ba0ccb180fa4af3d384224b101a

      SHA1

      58bed6654947dcde3e96255d7bc0f19b580f4cf2

      SHA256

      ccff62edbe342a54829015a5bbdeb77a353771ecc70b787a03514dbcb1d2e64d

      SHA512

      40a4630e1af626ce3ad167a6ee07a7c7c24fe82ae2230d9064ffc19de07e29834cb7a1c84311f73d1148e36e3ae507c818074ee837c20a41e421fe6d9dc390f2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ade6fe6e40a3bb652ecb821b68f4eeb

      SHA1

      5aca4509f2a423c1edaab6d991d1a2b2299ad9a5

      SHA256

      6a0c68d68a7411357c2707b7c87ab8d213bda3432bacd23da987db3baec7d614

      SHA512

      4fda570c6a08971f4b3fd9bf2ca1dc327293cd08644183582ad4a104fd0811f5235a7f71a35155fc0100029fc0fbc1baf30bd1bbfe1611b365c91890f55d2b10

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8A28.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1716-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1716-18-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1716-19-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1716-8-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1716-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1716-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1716-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1716-1-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download