Overview

overview

10

Static

static

3

9382058775...18.exe

windows7-x64

10

9382058775...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2024 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93820587756942758f38f7c4f1644551_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    93820587756942758f38f7c4f1644551

  • SHA1

    360cd3e2f38734d443fe34f59da1a31c6739a737

  • SHA256

    02cc44e1d8434915216bb885a9f4bf7fd8f5227dcef4f31b40d41569ef8772bb

  • SHA512

    206fda406f70f097aee7672a3db9e043b90af08c60c0feaca8a2374ca224d897bb2e7fc407d4dd34c13dc25789cf56f61e5a8c5e95bb8a69bb2221e7f6a15714

  • SSDEEP

    3072:9vji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9zdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93820587756942758f38f7c4f1644551_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\93820587756942758f38f7c4f1644551_JaffaCakes118.exe"
    1⤵
      PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1728
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2480
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2936
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2196
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1616

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1ccc61862a1a903a93334be3c5001b37

      SHA1

      752c2dc3f4c8b254be5c67100c34d5d4973ec213

      SHA256

      678b600528051c3ef1df0650f953410ebfec0ccd4e1cb263a982f83ac04e1dd8

      SHA512

      fe87a3302364e8c65cc94e057b73be63dcc5e263dd9756c24ebdae15cbf1d175602459ba230068a907d8677b9ed2f2224b00abe33781a30c83971c7928b91f48

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      abe9b1cdea1f1a28d306aca1706c8432

      SHA1

      b76757fb267bf7b18310c6b0eb98b03bb535ed6e

      SHA256

      796cbb0d46ec5488f7c1106a3653c8d3cfb486bb22e986dc8f465833ed67db56

      SHA512

      4bdb625df2b48f66b91a862c6c199a84a1de64c4c81acf5891707fc3af70952d63b27e2909d7a4817d7fbdac0203459e7dcc89dcc3cdda13ff2b3d5b978ed8ed

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1954d4ee841f63d5913b67b9bdb76930

      SHA1

      5d98c448b69cf5403a92ff487538b21f83243ce4

      SHA256

      46236c42e3063aaf4d88bcf9c11c7d44e7eb977ea84fd9499d1c8dc49ff957b4

      SHA512

      d27ad393e7c91eb4f155f6e9b95c45294f49f712b1b7ac8eb15c1427554dbc41dd1dc288fae7554600a38dbee4a0b0ce870f54e0d5dc01afad8af7a79041be8a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f650440353394301ba067c91a0c3150

      SHA1

      03450d02bc322679be5a80f9f6a2857b5e65fd15

      SHA256

      5cb80d4fa7e236e2ce7dbf790bb6e234cb13df0f7abad3cb0582b6b2b8f631f7

      SHA512

      b7702568ac085fee8e6fb3cab6bb9cbc72ab11cf54da303e4b62b4f59e368c26d1efeb26b8d45603e62cfcbfc0012d1943cea2beb2acdd3269b22258ad707754

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5023a9a34f064b67fe63cc5db101228d

      SHA1

      4332cc42be1c8ae7f94253bb4acd9bf68f6416ac

      SHA256

      e2197026e1b4326677f4c034137e958801c8e5aa5e8fe885d8eedddd3446863b

      SHA512

      3ccd49756de20259ef3fb1559905833fc2feaf273f1e51c4e3e807938c2bf90d5fbd899f9eae6b270108d7c837e4315402ce4ee8bd6966a93c73da231263f791

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      240662f90612803a3b81e5004a04b390

      SHA1

      f69a926cf92a6ba897a686ab295117a87836c718

      SHA256

      9d350a1925c72a8645c14aa401cff993cbaa0f97319bb47211e40ecf17cef2cf

      SHA512

      30560113826b858f81fc387972b730f76f9a1e0ab45d0e9c02c804991158648a1ecc7525ccd3b27463605f52437e2113c4fee1decc3b019502c7e16645ee4dd2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      caaf2cbcdeb49f89915608fe2638f39b

      SHA1

      7101a20dfa771d13595ebc0be1b9cc4a5e3b9122

      SHA256

      70a9bbb9a16b139e80d9b35be24529d89a277e3208089bcaf72d909dbc065713

      SHA512

      64c571c4e2f9040fe88066a55d70c8cf43bade66fe0c22a06f9a6de7bbd166e2f84b8ee550796676ce0e885522182284b07e13b6f051abdc7aebab081d17a178

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabAA46.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarABD3.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFCF754BA9E9EA6CF1.TMP
      Filesize

      16KB

      MD5

      30c060a5ad0684ba54c526a670f01678

      SHA1

      0f082b8756834eadbb923deec7c8592fd79c84ed

      SHA256

      c3efb05c6a226d058d9783ec735b540c3c871f5bcc756bf688fca3734bc481c3

      SHA512

      54e72de96dc3cbed23a41d3274e4b3526328b69a30f85e9ce2bbf12568a55c23c8b273fda000f16478aaf732a41ab23c50c1dac65f626c7f92e33a63fe958e20

      Download Submit
    • memory/1652-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1652-8-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1652-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1652-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1652-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1652-1-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1652-490-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download