Overview

overview

10

Static

static

9

8deccf7539...18.exe

windows7-x64

10

8deccf7539...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2024 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8deccf75394b06fe4699e615d912fbc8_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    8deccf75394b06fe4699e615d912fbc8

  • SHA1

    4beeecd6565d3660bd69bd0987bef5ab2e56d640

  • SHA256

    68bfe6b5c89702ecd6a5fc1061a57c2bc6c5e492af781c664a6d59b99b1c9524

  • SHA512

    800c5669043146d40ed6d190643989a1bc8747030304fb4a86f323cf06cc76ad9a91ed6837038729c66e5f1a636c4dfeceb227b9739e768a74cb6c24d312d086

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8deccf75394b06fe4699e615d912fbc8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8deccf75394b06fe4699e615d912fbc8_JaffaCakes118.exe"
    1⤵
      PID:1708
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275466 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:288
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1724
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1616
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2808

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      22d60cb2cefda5aa9c301b9b5c57bc8b

      SHA1

      15b9350e8831e6693729038c2b01501eecbf743a

      SHA256

      f1a19d4471d8f04dd53d55c99c15e88f1eac4969fa0a46d6970de69dd0e9fb36

      SHA512

      ee793593d9b282d97bc8c561669ba3ac2e66f47fe6040b071196c6461d62f76d2de948629ed0325a69586e291b2b4592355686010f04ba8199be8ce51b4e5596

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      02d3c3f0e30a4aecec03b09ad9b71897

      SHA1

      4be66c9015568542b1967863bafd5a8e6ee85388

      SHA256

      733990bc8040ef76481d042ed2ebac92f116f593c357efcb17bff5a29e2228eb

      SHA512

      5f97b81479452636a6d85dfa24ea9aefc663a69f805dd57fedde19f8ebb9c7aa7d6734e8ab35b6cc78b5e2c59e88cf732a6cdd78193dfa29869df14ca469010c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a5e32aceadf74037ea11287db240a56

      SHA1

      457708640baed6a20aaa23fb825077e870e69416

      SHA256

      0cb327654ddb1ca13e2aca2e1e1390c47753b5c053aeeb93783fed5241679f89

      SHA512

      5d4b1cc2d8b58520d9e6674edcb175273b12101caef02755a64e40f70b42a8ca36d20f3e1dcb5f46634b417ac7e225c5fd176843cb7ce6ffe3c41f47ad32b31d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      06856714c1ecad0989b754f91c35b663

      SHA1

      76733170e663192e4837a6762edc139c2408999e

      SHA256

      fc64467a41b6181a9fcfd164f2b3ca0c069a25100bfdfe6595156d1dbf1f2918

      SHA512

      5d6e535bd2fc17d74a3956d3be55fc2459c84bc25e305272c468acab74c8b01f2c3763e98cb091579a5ac5e55dcd26834089fc802d544ef935a8f363b0516587

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4585fb6b623181e828a47d3f18d84bb1

      SHA1

      b2624c2af2d5212396a8d05711baf82a4f958b43

      SHA256

      439fafee29d4865061e27e2b331ae69781e4e17daa02dcc5b08b72a328958c84

      SHA512

      6192d36b9facbd9450c76c933194176838cf57fbe485b1b1d8b366d86752301eade04320e0cd008a4a9668099c01a9460ced90ae04e4273bf11388a789321fde

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa57ea1cab5bd22065e0b2681f1e5c8e

      SHA1

      6205c3abaff58c728edb75fe1a36747098ea02ac

      SHA256

      282c54dc151fbef4759ef7f8bc1d48dfa7063206052861303788e4af86c018d4

      SHA512

      9ad20a01ff6418de92eb316338e9ee9281ce398134c960737dedf871b6a5b0613d76ede60425eebec63771a2e4bce5237558401093975038badb9618f31c19da

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8353de7f7862edb55c52432be46d8050

      SHA1

      dabe30818eb72f8a7b978bf2c5d42c3e06c77b64

      SHA256

      69f0a8a87b368c1c65b909c1e1cc7c222c5303b5b989f027942a0427b0284b7a

      SHA512

      f89f3ccc93b60645c08e6736cdf891b13d0f1a1c080099a50e10b86116d8637d4f039d5f71c397e86e6122ba33350455a7d5bc4ba8fd02a597c5004170e18498

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c32cbad5009cde359425dbcf44a3a2cc

      SHA1

      b9e2f91764948e0cfa50280893bf9d5ffe2181fb

      SHA256

      5f74cd7abffbe9543682b753d27fcfe663a2bd740c31d9bc7ce41bb488dea898

      SHA512

      9f65d5eba6c1182e18500304b562e42bb8437b643ecb388c53ac8de6bed40564941efee9005077d659823b0d132928b4f0194c8a04adf7207699622c16fe0db9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d5e2ec92ca9025760f78105e354f55b5

      SHA1

      8c3773599b5626c719036bf3a70e0e05beface28

      SHA256

      cc59ecbe70a051cef2c1d3439773b2ccddb8c87a85cabc0f2bc8acd19fc99e27

      SHA512

      97b1ef3749196c04f88ddd9005198832633c2b65696b6cff2cbed4ffe89373185cb79802f7ba7546ae9de281db238eb545d4fb7849d79563e803d4eb3181233a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ee3577e6d653203f71c87f1a050b20d5

      SHA1

      6a0dd567b19c51b8dfe28da0b0bd6465175e631b

      SHA256

      c1dfebd8e7a7903e790dcbd3780dfc01378e372f427f58cdb9da277c25370e0a

      SHA512

      bb319ae95c887ce896226b10f56e7799b66ba04d174bcb68f626ce5af5fcdfb4cb6ca3f046137a31c02a7931f0866bd2f2fde7006a948282639fe7d2c7673fa1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      835185553415df5fa3542838ec123ea3

      SHA1

      db8d7109c447d35ab870795d64ce41d54649feee

      SHA256

      983272683f27bdea6924af2ecd7f3f5502f72ac801f67250f7633f1e647f543c

      SHA512

      e8328cdb7e9ed6175e305b0db8bb0aa118e3f185c4b8daa44b1075c04d91e21db60a370c476a5da010f28502fefb8c028e58d1692ceb98d64ae597c77e4ad865

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8355.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar83DA.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF1EE5FB4BE3078EFE.TMP
      Filesize

      16KB

      MD5

      7134e2289fc6d2919bca789dae0db9f1

      SHA1

      36e3987137da094b16f755d6d9d13b913b7e5326

      SHA256

      a51874eb0d7ef85367aa9ab0d4b048272e340671ffc896dfd28a5d89e76512de

      SHA512

      db67d78dae98b5645319e2128ff3f9616241a59a9f1694ba5428b9441e67e8321883e4285b601ab637a5859b8eb0ceaadc1ae11729aabad72c14382284ba710b

      Download Submit
    • memory/1708-8-0x0000000000530000-0x0000000000532000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1708-1-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1708-497-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1708-9-0x0000000000400000-0x00000000004E5000-memory.dmp
      Filesize

      916KB

      Download
    • memory/1708-2-0x0000000000240000-0x0000000000251000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1708-0-0x0000000000220000-0x000000000022C000-memory.dmp
      Filesize

      48KB

      Download