Overview

overview

10

Static

static

3

8f31c4c67c...18.exe

windows7-x64

10

8f31c4c67c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2024 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f31c4c67cc45100601877b327e45cb6_JaffaCakes118.exe

  • Size

    547KB

  • MD5

    8f31c4c67cc45100601877b327e45cb6

  • SHA1

    f6b873cba252a0939ebbed04115575d37ebdd4c8

  • SHA256

    28a5fed9dabc4201a98304a9020ef44aaf31c137e6212a90b38e485d266a880b

  • SHA512

    061c7ba133b1835016ad1f2742292323709913e2108976988f231630401516f54d1d85faa1bf652fcaa35e29086d3b19c0cb52c1ab7bd4e83403e088606b2f84

  • SSDEEP

    6144:uVJt7IsATy65KJZnF/gYdpOLwVF/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpmU7tKO6asJIgJt

Score
10/10
gozi3187bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3187

C2

qrodericky94.company

g77yelsao.company

tromainevirginia.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f31c4c67cc45100601877b327e45cb6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8f31c4c67cc45100601877b327e45cb6_JaffaCakes118.exe"
    1⤵
      PID:1208
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2452
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2476
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d04583b9208a4f59ed60dc5e7096733d

      SHA1

      36bd6c021f6b8f7a3e81af2881e9a85e2ce1ee90

      SHA256

      53b0285f77999cf2d6c1fbbf7ffaa7200a208da690cde209109957460bae0219

      SHA512

      b91971ffa6b55be7fa34c129e03b886a17b0da22ac5b3db0bcc547f3bbbf1f1095b7edb6c7ea1107c17405241168dc91e2e23be445fc44fe43ac2e0bec8d58c7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      83987095d43573553016d28dd5dbcc11

      SHA1

      d0e51ab8a39c859d332b7d0259fea12df255505c

      SHA256

      63a68913f2f61ad05d66d5893d6accb5fb07341482e042ce1123eec5a7a11afd

      SHA512

      9da824634501abc2a4d1196ac7f95cdca4327df6b6e385bac8674dfb12f0b3485accbf0720302531aa82b2c383fcc11a0ef9b8fd172bcc391eb45cb954dd15ca

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8e45ce90748158bca8a0e335b9f7829b

      SHA1

      0b1ded2f01ce678bc3a59424957b17295799030b

      SHA256

      9857362c271d97464d07ba94a27c3e913d507d2ba0e673e37d4ab7e180d9be1c

      SHA512

      6864868bf93a19e3cafef1b97bae7fe0e9dc3022f668426a7d3d04a59f7ceefd39ee902f8ab425225ebda52033d553823db9a27b1fd75db1d24fd5fd62a5e6ac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      510437b1fe27411e7355e1f752b73264

      SHA1

      7d1d6057ebc8e2f8e8e36705658ee454367b694a

      SHA256

      c68168fd2eda0efd3976d9fc6552eef6aa5700c0f04065c48a2d57451df8b2ec

      SHA512

      dce5c0405683fb6f3c21cefc34657f13fdfddb97789e297c30733c009c18f8650f1331fa4a52e86e7935c89ec827fa6dd67a7e4bc5fdec370222b862f4260de8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab8ed4c21711ab295d79e4e35e94d233

      SHA1

      57bdd2cd845204cd20e9b6604dc6b3887cab3506

      SHA256

      dc40399c3da505e854be864d89bbb276f2f465022d721dde2b33ad5eb43d04d6

      SHA512

      f16691d50bb0a5deea156205bd3c483732ae7095cc99adb69a22464391f14cdc0644aed09fb8fcd3228ebb2cfc8b8406d53c59c5641b7d3c0ca0dc9c1f056572

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b982b01e3c85b125fa23c1acd36164c

      SHA1

      1d96456531627b64a241998ae100b21467e369c5

      SHA256

      3c88f639f0f53b64e1741e6fd5bd42c3359c7dee72152b408c905011a52b8df1

      SHA512

      15ac506c82bc4b382f345841779a7f396271292b92fe89e574c482da5efc251ece3662f2d6d1e66c665418d0528556572a09e1c12625dfaabcf34471dcb8d298

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a2750330d4c2304629816d65e854ba81

      SHA1

      28d36b65794f25607cca0482e91fa93bfd8340d0

      SHA256

      29511134c727e05418428bc96a5107b08b47f102e6df8248d2e0e4d661a96be4

      SHA512

      b153a286b74781808ce052a3c907c15a87ed79edc18bc4969c11c9f22e600a438be6399d07f7ab0dc753f5c75ba14419eaad81fda135670fcedba30bfaae7f08

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b50c74fb7081088cbb14d7c26a63e22f

      SHA1

      6a63fc77d986ee461ac2e46a70b47046f8b43dbb

      SHA256

      a773d3a3b57dd575d8e2711819cc285bc1ace5fd1a80bf281b26d6ecc27205e9

      SHA512

      d9a06eb6c2204f28c60d90e2abd06c1810024a3aa2ad367c273f89039b4c351a7d03cd269122214e3dbca2431f4bfcc55e10befdf73a99f6558c9ed9a1991db3

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab2484.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar25C3.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF71549F9DB5339A13.TMP
      Filesize

      16KB

      MD5

      9f35001cbb46c0e14043adef4386ca84

      SHA1

      828b53382b13f857fce7c950340188d8adb78b52

      SHA256

      5cd94029652459264726582501f579d6f5eedb0ee656d9a30630a7f4a800b4c9

      SHA512

      e53875dccf11ef23389494615d395bf31655a02d9099b2e47d3788758d84bffb3716b2d9dc0b7866273e3f0f295b6418c09e4d2e7a368dda7dd0be8588ad4685

      Download Submit
    • memory/1208-0-0x0000000000D10000-0x0000000000DAE000-memory.dmp
      Filesize

      632KB

      Download
    • memory/1208-1-0x0000000000100000-0x0000000000101000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1208-2-0x00000000001E0000-0x00000000001FB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1208-7-0x0000000000200000-0x0000000000202000-memory.dmp
      Filesize

      8KB

      Download