Overview

overview

10

Static

static

3

8b72e36dea...18.exe

windows7-x64

10

8b72e36dea...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2024 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b72e36dea293047dee3ab9374a8973d_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    8b72e36dea293047dee3ab9374a8973d

  • SHA1

    4441a6a7fe6f386427b0d5836d624de348028da6

  • SHA256

    1222cd81b54edc2295d094e40971acb8be0a01d0b7aa80bdde88182b8625b253

  • SHA512

    6f6fd1ae1a3e728b65a9624ca978e3620850084a9eb4aba1021ea251d2187095ba32776072ddf5a1717267d59bfbe4f2e7982f608a6a9a68fec219916f2b8a9d

  • SSDEEP

    6144:EVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:EVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b72e36dea293047dee3ab9374a8973d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8b72e36dea293047dee3ab9374a8973d_JaffaCakes118.exe"
    1⤵
      PID:1900
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2480

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      63a09dd81ec9a80781346fe8b2c2b1c4

      SHA1

      1979ba47ce48cdb02e4df72a0122068afefbe4ea

      SHA256

      d22074871a3dd9b968fb7d9ce57e91e9179f2a554f6edcd261f92b7ef03bd050

      SHA512

      69be792bbd947093c4fd8b351b6ba1cbca22c81cd8a0a2452a0e72d28843d0bca8f4112ccb02abd8d2d5d342e7fcde2461cd6272504a9ae39a6cceb93e813be5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5b6055ed406347a33acfe4a4475cd75b

      SHA1

      17d7ec3c6d5837880ffb1e7817ecb27d0c3a2804

      SHA256

      957443df236e9db33bc821100939682c2f3863152d33c1d17747e7663d030e53

      SHA512

      fbea5c76e561d7d42c8bda2251854b3a05cb8b50833e10ea4897871171e00c489f88a944829afc14a7c058db60f665131e1de12a924c1ee1fdafc918e57f2031

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d7ea6e4f15e4fd0dae27895552bb5acf

      SHA1

      aff75effa5ac931dee93734b9702aed08d31a6a2

      SHA256

      cd1c6c30a18ef0fa0dd966527b613c9d447148b4ce35b5239eb764f7baa9e5e5

      SHA512

      087a59d6e18022c51efc2bb14d9dd85a308436e1620ecc5508bc80d037e921162635a938a304b3f7f37556c84d8edbdb38a1d6043f97d284c3216c2dbd544841

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a6c7b717a31f576cd0fb5829251a2586

      SHA1

      ada1067bbbc9d6aedfab94ffeac6ca439cbbabc1

      SHA256

      f0a9f2106d57ef8969918df4b355d6e6f364e34aeba499e4ebd97902871aac01

      SHA512

      d26273470812a7b9403a80d364c88ed45830b87721c0bad3611158d0424e132feb25b07e68a1616b5a316032a819c41e4f203bd374b27022f130ca20ca971a41

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1820bb8139ab69d050f09163e7eadb8e

      SHA1

      aa1d70ce929059dfe759ce69c152f4018f315b38

      SHA256

      ba35ba898375d65c5a55c56d00af71bf54cc8607aa74577a53012bcd94efa143

      SHA512

      250fdccaac5d45c84eaa0f9043d3353412528a3d2a21eda35b54e056f38b19ffb8435e5e75f29283280ea54b8f1b390a485faca9b3472e5948c3b07709c7431d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da6d9aeecbfcf5fec3255c2bbfaafe59

      SHA1

      c5457d59139da872a05e71b22733994994be2f71

      SHA256

      1a419bf44683bbe685795f22e49664c6c18272f9da3ad88876a5b85ae81a21e4

      SHA512

      8e5c8abe617d5ddaf18e986f60acc708f370f482bf6f74df94b5e3211801f142adb5faf971484d3ea9def45255c846001920262764f82ae1e5e51d2bd6fe7c6e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1cc71dbe983ab686755b20485dd93ede

      SHA1

      49d9f8827bc564ffa20603b478dcd5065beff4ad

      SHA256

      cdf15abd0b25ee78e4ca72aa0e9d1d1761c1c74fced4629d60ae18c863e41a0b

      SHA512

      0d805e0c0d0c53271d65533eb7a95f214e4f3306b70528b5f7302e8b46e1a165a35aeecbd22cd175b0e6431526219f78cca308990eaebe4f464456bc576f007b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c44c1480068481eb2176b676d7095955

      SHA1

      cdf9ff18eb31fd3dc58b6e76819598e9d1cd88a8

      SHA256

      267b06d96e50765ec6a782975c3d3d7cc1f34630206207eda0eaaf7bc3b04c9d

      SHA512

      400257ea0b4da5d0776d1dbabfc11e9543408f61b2cdd72a787c6b56af05f56712a9f687403d9c94db7570e59dd29c8301447f35cceef3c1466b83fbe353b549

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bcdee09193f8887c5644127efb0405d4

      SHA1

      473c53aa1e84814bc24eeaef5d2f22484144eedc

      SHA256

      751a35f406eaa9057db324c6d8e9bf8322716e4009d476a4786597e7267fdcb8

      SHA512

      239b6d81d7245a622c428eab9b7348dccbfbf8ec9507a6b7ffbfa3e5a5c143c44dbca9917d51739d78b4441e516c70e189763df2d7b42d73abb954753e12cb17

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9F2E.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9FD2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1900-0-0x0000000000C50000-0x0000000000CA3000-memory.dmp
      Filesize

      332KB

      Download
    • memory/1900-6-0x00000000001A0000-0x00000000001A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1900-2-0x0000000000160000-0x000000000017B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1900-1-0x0000000000130000-0x0000000000131000-memory.dmp
      Filesize

      4KB

      Download