Overview

overview

10

Static

static

3

96249bf205...18.exe

windows7-x64

10

96249bf205...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2024 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96249bf2058cf89fdb4b10e89102c678_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    96249bf2058cf89fdb4b10e89102c678

  • SHA1

    9c977c559c34cbcbf7681a5804d6efc19cb88d46

  • SHA256

    016cb78560d0175795e9d497371b48bc3ad919a4d64d7a6bad0185e88ea2e1c0

  • SHA512

    c1c4fd1f2395bac89a98cb00cd65dea54a21d7c8ce1596c39f270e2b7f23611086736e56d2595b760334ad4ba2aa5eefaf5ce400408f9f14dfae4ed2d84b3624

  • SSDEEP

    6144:9VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:9VfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96249bf2058cf89fdb4b10e89102c678_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\96249bf2058cf89fdb4b10e89102c678_JaffaCakes118.exe"
    1⤵
      PID:2276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2572

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      773790e16e8d5bf32befcaecd409e16c

      SHA1

      9c3b0b3e193f7d6b56e1e2208884b0d3cf5a8c46

      SHA256

      7880c092b6b3e20f8264c370e8c77de908d2798dc1c87d1f0fc2d968e2ab6b19

      SHA512

      b8d9938cba5139418190383c7dfcced39f68954db262e3f667f11a5b0cffb59f40b6210d531eab1611c0f601baa39195acd57275a6e4d4674795dd73b03c6857

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f3a21cbfbbb5ec96882748575eb16f96

      SHA1

      d1b78b80fc3b220006f699e68eef7ff0bf71b0ea

      SHA256

      9e5ac3194d427c944716ca90a75fd428364db9187379b9006d6839c43e9275a2

      SHA512

      9355e08ceb68f7d45dcfe23144ce75fd6690a743ef1b22a9cb9cd995e2e239c74ce4ed0c0199ae6edcba38179d2c5ed2c6d5baa6dff06fa10c2a53f8e7ccb495

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e047f2aa7adceafc8022e2e4697bd47c

      SHA1

      c589ec2530e48dee4110fd22279654ae43a678f8

      SHA256

      ce61cf45cc82637a6a484f28f8a4e0e5d86d38a6281a8120f9f2f976009814fc

      SHA512

      27af12159c42a28410f6764b968792772014cc23e6667760b557fa94584d9d22c939a59c8ddd97f376efe4991303a525f6dd001501074707a6a025d4e1b59043

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      954e83c5e2f6bf98dee1d92797d8c260

      SHA1

      de02664284c9845e8c12cef03cb6106132805788

      SHA256

      6f7739c6cc505bfdbeda24e40be5a8c3c01fb10996b641e9ec3406800125d037

      SHA512

      114e98da5f3a8d12de420e3d6dd2f3db7e4eec39f5bac57b47b248849b711e9a7154aa17415256c54abeae73134694105e762635977bcd1b5817cff4cb8e6150

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e5891371be00ed08c56e3334d3010e9e

      SHA1

      0eae9e058322d51908ce17392cd7088ebdb8cbe2

      SHA256

      983b91d95b46e0322896b93a2354c2220b7868c024b2dd3bd3b80abe3458cca1

      SHA512

      5df3649e3f893012e5136bcbf609d671222c2fcc9f21142a7e086583b07756e86cb51a2fec048d76c1d603df60c75625be4babf6a987fc467c3b1d5264d1e9d4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a1e952445b794ddebcce7405a1f6a230

      SHA1

      b6e3c4ee9983f8092cb8181668244882b65f77ce

      SHA256

      be5519945f9d068157ea83c4d72e477872ff3f86fffef28aa2f033000082b96a

      SHA512

      13d961199852bc34076ac0d03dc88237e1ea55d3e1e6a891c4bcd0e9266f1c222924f4b3763311264f5086316135df6d08d7c80a2a61c8d2dd8d9742650adad3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      79f1395f77c143d32af595bb2618a7be

      SHA1

      a6a0a74460873889b43ceb551f791337bfbc396e

      SHA256

      ca2146954155d68a956e0f908cb657ce5c8d5d5a8d06cf7ad4e0b2a27ec73e2e

      SHA512

      49c37b4d753d745be88b3f70d0a62e25184c1cafe7df0f7021faa17a948c455c40b105e6beb56e0423045ca809a6ca9d3c5282d0b560e233c44a9f2ec5a46027

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c0a78e616a7c2612e8b9185bab99f3a8

      SHA1

      abf762778e28e71931eadf45fe960864a012dbbc

      SHA256

      66e072a2ce5ed5a2899d45aa657ec389ec2ab2a6f6388fb6b4b85b8348a59795

      SHA512

      b1b90bfdfdeeaf4541743c0e4ba028313cb1dd64f36900ffcf65afd2ac6c6e96c8b8b4966b39288df7d2e10cc7443bac64983edeb2f0854b30e06c2ca6581d27

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5b42b35374384631eb99163ded25e2d4

      SHA1

      307009951b197cf4226db1f48409e8659eba89cd

      SHA256

      35c1130990da59769dcd134cec0353969364f8cd8c6dfebe3aef1fa8917c3f3e

      SHA512

      b9b40e65e6b1d16d854d78ecee58bf3433eb84f3cc41a3e9acd5c8c183618afa0e55c768969ba9212b8cebd428aa91d7b9ded80398af2dbfd27f3ce5fee39238

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7F9E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar808F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2276-0-0x0000000001160000-0x00000000011B3000-memory.dmp
      Filesize

      332KB

      Download
    • memory/2276-10-0x0000000001160000-0x00000000011B3000-memory.dmp
      Filesize

      332KB

      Download
    • memory/2276-6-0x0000000000160000-0x0000000000162000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2276-2-0x0000000000120000-0x000000000013B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2276-1-0x00000000000F0000-0x00000000000F1000-memory.dmp
      Filesize

      4KB

      Download