Overview

overview

10

Static

static

3

95e0fb621c...18.exe

windows7-x64

10

95e0fb621c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2024 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95e0fb621c67cd01a25dd4d225655bc1_JaffaCakes118.exe

  • Size

    197KB

  • MD5

    95e0fb621c67cd01a25dd4d225655bc1

  • SHA1

    19eec7dc053356ed52e10baaf5f5108365a1ddc9

  • SHA256

    3094a4bb675fa6d9aec4dc136c4d45354acb7dc0d5a91f323800e66ebc9052b0

  • SHA512

    58f2ca00b5ce6e863c376a9b74c05089d1c2554deb9876167459313899f4408f0ae330002274145a2efa4f28112f5af3b4df80827d6a3f0b408b15202e5b1c91

  • SSDEEP

    3072:iWDdCZn+MHTptyZ1+5Ck15lxYY54Fp3QT2kZz2yDj0EQ8x7xSJM7UmA0ox6:iWkdVlS1oCPY5+QT2kx5HlS27Umg

Score
10/10
gozi3135bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95e0fb621c67cd01a25dd4d225655bc1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\95e0fb621c67cd01a25dd4d225655bc1_JaffaCakes118.exe"
    1⤵
      PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1412
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2888

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      76b2ad3015c2e2f42eebd56985a79125

      SHA1

      6cfa09c9806b531cc982777cd6db62761fa222b5

      SHA256

      aaf280001e8c506cdf7eb6f61a0c5fdd10a5d2de57ed64d842f125401384654b

      SHA512

      e120b36bcf0f2b02715269a4eab27fb439ce4c69aaf2b5fdbda78107359aea7c017acd3cefa217704fc795abc98ed6aef28379e8051feb2cd7542a6129cb1192

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      be21510027c6553817198e10d805914c

      SHA1

      6cdf5b574976518f009c42e1b5e98e66abf80358

      SHA256

      ada59d5656bda3412524b165b32b756a39d1f91a463d89ea7b8c181eee01ee6e

      SHA512

      a9f229572978c96931b427c71b2e47c486ce8c76e95a4415f83db45e316ed7265f304e583975965136cec7ec08f1e4e6c3570a97409a21eaa603436b885aac8f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e580e806c97b89cf830ce666b683826

      SHA1

      e292062f8a4f92fd2a4f0eb6f18d1e04276e5953

      SHA256

      e3a7bd2e1eb9b35901a8463a0469b798d90231a668966ae9b7d6f7efcbc74958

      SHA512

      eec37386ff665d7b55d4d47edd359abb6b79a5dcd9b9023058f145e30bcadd2eac9c6432408450c2eb0c7ea2ddf69b412d16287fe258195143bfb85ab071c573

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d83ea0f5c8e81768e6ac98434e47f749

      SHA1

      4c270ccdcff80eebf72265b0a4a5fddb632fc116

      SHA256

      899e969d906a602274b95f8f82c0cbb33b275728c062c7478fd4926f7d890969

      SHA512

      e840a51565a663535bbbaaad61d49a0ef69117085475cbe6b9d3fb66a8e1d775cb0b2a16d68649455e95624ce6d9154529f0f0609d731b646f499ebf03cde798

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6b816b88fc780d90fe3d29358ae027f9

      SHA1

      5a4336a015aa2fd1b4a5a69e54993feabeeb7c98

      SHA256

      fe9bb95c0e69befcfbcb3c21ef9f2ebeb0864fcb55f5b8928424b25e2ed95a35

      SHA512

      3c41874261837aa34a418445a295877374040e14e45d0d0e37b65a74885597b7c3daf88737f9ebd4bf0ecfca38ea857c1819f2f7b677e782baeb04c5320f0afc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1ddd32ebf0546009a6c8c2dec7fa8a25

      SHA1

      7b1f142edba4b02432e4acfbf0c20b8fc47dd340

      SHA256

      aaf90b5420036a7e02718c61b46831bb6820ebf75a8ab022340181f121ec7119

      SHA512

      ec04cb36a71d5f3c3ac76b64a18be444c6b861dab2be296e7386656bc8cc53d5e95262e9ae9dd3b6a798f62a130d383cb223a3080859bdeaa4c150a97b8459a7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d80e4b0ac6c69892d3ed04f1d5b6e00

      SHA1

      293c62ed0cf3f3f974e5506511e946e839856955

      SHA256

      66924425adf79e1f8f4877e3ff7a0632a385b16dce125a1fd16832f08cb7c057

      SHA512

      a2fee6e854366dc36b1b35486db8ffe15903f126e0d549ae20ce9885d60086f82e8ed4ed18f6b4cecbf78b20e3d9a7435d5f447e050a600c0686fcba8e6ed2b4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c07ac861bcce6b7ee286e59648b1787a

      SHA1

      06e902c80461485452b8b3e5ef2667df143d76ed

      SHA256

      1af29bf6fb88597b478a45ef192e05f581d94526acc8cbb0ba623624e5a46d60

      SHA512

      37646a5c832a1a0cc7dee7076cb3056336260281f8dedf784d620ac7e643bf56b56b811e5ceabb9d0b4beddbe4c898e3734976a8e4f8435d8e5d141c7f4f2a1b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      308ea4a27732440d01fa6c4e20e3c207

      SHA1

      1fb196e59b785fa0f7594f1eee3c48197fc0fd0a

      SHA256

      8142506fea4c0ff8dddc4aee45c5fd804db3675bf7e59b9f9a18dda8cfa4c88c

      SHA512

      8f487fd92bb362db584e55065e2d9720a1d265a27150376fd82ab48af53dc80b5895443f288b3e9fa04f3b5dc8d693c540f66df31953594cc3ec9511f78dd044

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8816.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8948.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF0A644393D8B35D46.TMP
      Filesize

      16KB

      MD5

      ecee26f4ca67643f2cbd06df67adc46f

      SHA1

      1f3422df567c272914d3d5aa020c46c256b3ab91

      SHA256

      2139dbb40d75e147b48741408c42c592eef93dff264d80da98ac106342efe49f

      SHA512

      36f952a041e7a89679b884f40db055eb1ddf29ca64da30127c62f57cb71757bd4eb084b3ab7269f5c2fb91a66734ba41236bdfd38fc03a7a51509586f451c325

      Download Submit
    • memory/2356-6-0x0000000000360000-0x0000000000362000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2356-3-0x0000000000260000-0x000000000027B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2356-0-0x0000000000400000-0x0000000000447000-memory.dmp
      Filesize

      284KB

      Download
    • memory/2356-2-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download