Overview

overview

10

Static

static

1

9824928fc9...18.exe

windows7-x64

10

9824928fc9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    05-06-2024 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9824928fc96b2142505b0e9366c9e567_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    9824928fc96b2142505b0e9366c9e567

  • SHA1

    bc695025c53eb92503db54e499f4d44e02850c65

  • SHA256

    16b5504f55d019f8584d78672fea51b324a9951af34df58933659bc4deab55a1

  • SHA512

    928c7afd7ce6eb62f0de5e4f28803395c0e62acb83d4c1da48e53ef9fe483c14d14603bb22b1d57041d51f5db274e367403d6f1d2a111622d544d887aa54d620

  • SSDEEP

    3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2

Score
10/10
gozi92020311bankerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300913

Extracted

Family

gozi

Botnet

92020311

C2

https://appealingedge.xyz

Attributes
  • build

    300913

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • non_target_locale

    RU

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9824928fc96b2142505b0e9366c9e567_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9824928fc96b2142505b0e9366c9e567_JaffaCakes118.exe"
    1⤵
      PID:2196
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3004
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2680
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:824 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2636
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:236
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:236 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1256
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1256 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2496

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e80d9b327db727b4c67b34948abf2001

      SHA1

      299df765866e7cd91e920073bf0346eddcdf7f08

      SHA256

      46c44f3ae2648c3401122f885fcc7cc58c6784563e89f1c25b99cce0eda2281f

      SHA512

      8b534738636199de1fd35dd69ad7178f46e667c2199befe518b8fb794d7e4b99fb573c5cbad3950fc4b61c5d14df3b48c28e0392d67bd63bf9504266c7c53c22

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      951571615b5619974d14dda03f1b6bac

      SHA1

      3e4df37c05baca3d143b623a15c43e37d4a09a0b

      SHA256

      cc588e4de00c94ca9a52ac77b8360ecf31468898c5eb7da7a281dccc227b57bb

      SHA512

      4241eea1f7161850468bc9a387b3915fcc04652f3dad91658b0aeb8469e18c663db1bd4592900ad3d05e308af2830cfa62d1ec69b054050cf44a7f747d66af4f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0d77ec9396fd34a04eecb4cfa99648eb

      SHA1

      1210b6c65cb3057fd9f73d0bfeb6691110621f92

      SHA256

      12ea6b7e4e9143d8bdab9576c5362793bf7afcd93e6f896b9412a241d516b834

      SHA512

      250fe6f81a30fce31f85e83685225d8211994beb3d069871a47c178b9526aa5bf01da9685bbd331504bf2a2d5f26848ba7c37d06bf2f8d545e6c9653235b06cb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd667e7aae5677943b2cfee9941fe486

      SHA1

      f4cbefd2b65abd898d2a93ec7e248926ee9e24f3

      SHA256

      b5b3597413df375ee588dad1cc3ecde4eec41531ac0bd0d13506902075dd7984

      SHA512

      000210e18a9ba3ac9faf0c28af5af04e396876a15d0ec7e9d566307314117f3f2b2dd2dce3f9a48b7182231da1685e35a06eb92ed2ce9d19f334ac2878e4aa75

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f3e8062cc1127f411c34e00b43d0b9fe

      SHA1

      684a1c9b82917fb7d8f6645347ecd3ba3891e212

      SHA256

      dac435d9339dbe03e0d161e26ddb0014c3eeea59a7ab23fafd8c47d933e1aae8

      SHA512

      411d4e938892574f1f1e398c6b6a79a47eb06dea5f42bcbb6d9d55db274c2a8844aefb428048c24ff666b542bdad2a5af4df0b6bf8a5ec554c57acbcd76b2fec

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      33f182f5be941d1961dad81301768e04

      SHA1

      9e251be8dd4be5d26ccc0d1946831049a064fc61

      SHA256

      557d918d2bc3b13f87c5593f3bd60f4cffbadff7ec929cc620a3fb3d270c7be6

      SHA512

      8b7c14ed5dd052b58f42b83f8edda6d922eeec237ed3da636ecb9923de66e2c3661da5fa86f00a0ef43d780acd168bc80ad62a0eab0cf0b3dbbd4e0f48c3b569

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      17811dc226493092f98efa4cb98b73ee

      SHA1

      30435eef273a410a1a0dd3dc16864d76949d8a8b

      SHA256

      634fff7e44f2cc87086a5d55bbbbc5a0f2f8bc91af8d53867d3a7104e056f25e

      SHA512

      2e1ee142ab56eb122799fdf7fd5ffc7aaa95b0c5026c6bf85ea846bc07c47c1569081ae6d7c61c3d252b54a67bbb2e2aae1edbf63adc9dc6ea7c226e43a837ae

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab5590.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar5645.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFBF26C22AC8F77583.TMP
      Filesize

      16KB

      MD5

      395418ed7cf2b1055c2cca3b39a0ae6c

      SHA1

      cc84e0e8be23fad74ccbc4ad866ce2aabbb4afcb

      SHA256

      31fdcf94d27105754ff704dc3d971ffeba20c65da2e432d12ecfc260a13353df

      SHA512

      6e382789edccb46dfeb0fa603feae5fe38f698de58c49a4dc078f0c6aaf548fcced27552a255520c5c3b66ad3013aceb7dffafd7c09ce6b7cc5f7318150a6f07

      Download Submit
    • memory/2196-0-0x00000000002A0000-0x00000000002C8000-memory.dmp
      Filesize

      160KB

      Download
    • memory/2196-491-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/2196-15-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2196-8-0x0000000000480000-0x0000000000482000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2196-2-0x0000000000300000-0x0000000000317000-memory.dmp
      Filesize

      92KB

      Download
    • memory/2196-1-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download