Overview

overview

10

Static

static

3

98eadd52d9...18.exe

windows7-x64

10

98eadd52d9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    98s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    05-06-2024 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98eadd52d99bd13ac19f33bbb3e870c2_JaffaCakes118.exe

  • Size

    648KB

  • MD5

    98eadd52d99bd13ac19f33bbb3e870c2

  • SHA1

    0cd4bb86b7de2c7a3b0bcd8cf4281bbd0c4d6bb6

  • SHA256

    e76979c82e8b0da7e11945e1f42f0ee41d14c5150f6bafc46fdf0b5c6db9ffd5

  • SHA512

    6e22b8c0baf8ccedf1f237c99f75c5fa5170648b9778f282c75eb9cfd1859025d9d138af58f3415f4fe25cca63f61457eb0c72e8ebd95cc045073ce69b4f7a6c

  • SSDEEP

    6144:Q5mTEwUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEw3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98eadd52d99bd13ac19f33bbb3e870c2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\98eadd52d99bd13ac19f33bbb3e870c2_JaffaCakes118.exe"
    1⤵
      PID:2424
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1196
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2128
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
        PID:2880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
          2⤵
            PID:1636
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
            PID:808
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2
              2⤵
                PID:1664

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
              Filesize

              70KB

              MD5

              49aebf8cbd62d92ac215b2923fb1b9f5

              SHA1

              1723be06719828dda65ad804298d0431f6aff976

              SHA256

              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

              SHA512

              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              a41d3e27472c9c12676a12ecdcc03612

              SHA1

              a81cafa514e3d20fdb7a046b523cef6af0228547

              SHA256

              6709131b0a49a3bc1ff363da72c720bfa4ee52666da0ad8264f00ccf0315fc60

              SHA512

              12ccdc546804cf6308bff4bfc45d8e7048877e66abcea50906d097048d8803307cd647c2368203dc35114a6d3081edf41fb70c4e8138b8f3ecdb6a4d73cd52a9

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              94712c3b0c833a18cdfb4378001a82e7

              SHA1

              a4f58e0d229f978b012419cbfcc03eac61357e7a

              SHA256

              2f440b36e845bed936476343185e890c334dea5f81adbebf92a2b4b08d659459

              SHA512

              d970e177c53b07ba12b4744d247ffbf6969d562f4d5893f6424e45e23077142077970fb33b08b95c8119613af6afefb00059de48b300b6b09113a1a090111179

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              e04a7e599a697f57d816447e5e2a99b5

              SHA1

              5e2fd0410c62141a19338d1c59dee0cb1781d486

              SHA256

              2dccb6bf1ff6d0302535b11ac4be8b8e56cbed9a2114994b9e1d199091b34514

              SHA512

              b61aedb9ba9424cce85999b9bd2d13dfcc284cdbaa54e3ca05c9066bf1b7056b59acf17a4c47c11e2999202513570ce1b865b138afee504e24d7ebca65054ddf

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              95e3a6206559c0ad2f9c9e5b34adc629

              SHA1

              63de82fef4b2824e58689dbe1704c44f3928c867

              SHA256

              474382079a2af47bcb8c73d047e6c7271c35ffade85b9006c0f2644ac564703d

              SHA512

              6a303b667ed2a53082fb4b45726c8463459464693c823c7d21acf65bb10a2900c42bbd07d38da33e98823b794632122d7abd3df1c855a117d4b96df7f95306b5

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              a6ee701c5718e61bfd2a16e7c1725ed7

              SHA1

              2420be7cc3ca309386baba7410f7302ed5e113c6

              SHA256

              5bc2cec6e96acee7bebe38e7b5e76fdbb86d5a8fc643e2b310a358c3c9834132

              SHA512

              c13bc886f1e3b569e3bec2de48f366eb0f28813fecddf0427de885e92f9b41bf186d412a7c75004161949d7c6ff1369c44fd6fd4ce53af6d368225083b6634d5

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              9f09271cde4f8c882b9d7c7bb99ea07c

              SHA1

              49ba06be4563de3a65cbb50ee28ae5f01221875d

              SHA256

              bcb1000ef3037ab467569730b6c8c140850d1a17127872f336a52f8d03c23cea

              SHA512

              0a489e55052b9d6d9f2f7df87ccdca5715b25be0b0820768c3335f071d594fa2af5da6863a0acfad0d49979a10d16afbd79b6dd89d0de8aeb9533a96fe850991

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              3d2fcb79ab222dd91b8c873a29037a37

              SHA1

              800df4dc7fb7798716e7895b7ebe6efae0864a29

              SHA256

              87838e44309b09769f8a838b7a85284bb99a497933e9be5fc2c7358dce0e9d1e

              SHA512

              6feb44f339a745991ddb5c3c9042e56f6670c588f9ff9af94fb590f64d152386024c5a4dc340c83146f523f00677265fd6ba37d25837fadf98cdb1e6ff76c1e1

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              25de518ebc151ce106017559b0fc8848

              SHA1

              098cda70e6bf0171ca9fa1df96a977cc53194422

              SHA256

              41b08d33cfde512461882ac7322b1431ee73815c96e9a1b84c1b7bd5654c426f

              SHA512

              c612f9adbbe2cf703203b8bf9a9a5ee5f4f3894368be9b20d3bcc531a3725cfe8f2c2fcbe88617e05ca5557f10486b4654cc05408731680a056d934f5c19f3b3

              Download Submit
            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              7afd960be9e998b5f2b3927f1ea254e6

              SHA1

              2795e4860d2738ad0682a422f2b4e8683fa73d84

              SHA256

              d638b75ebb8a43a4727209f65bf80b016cad38c1453d36e925f0f88302d28ebb

              SHA512

              b3d5d321112cf0d4a1c895291f62726c9c879ca5924fd52ed84951ce0a112dc0aedd063cfe52f77e3772b47dfb753418522a01efa6c92a2510f672a075098dc3

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\NewErrorPageTemplate[1]
              Filesize

              1KB

              MD5

              cdf81e591d9cbfb47a7f97a2bcdb70b9

              SHA1

              8f12010dfaacdecad77b70a3e781c707cf328496

              SHA256

              204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

              SHA512

              977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\httpErrorPagesScripts[2]
              Filesize

              8KB

              MD5

              3f57b781cb3ef114dd0b665151571b7b

              SHA1

              ce6a63f996df3a1cccb81720e21204b825e0238c

              SHA256

              46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

              SHA512

              8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\errorPageStrings[1]
              Filesize

              2KB

              MD5

              e3e4a98353f119b80b323302f26b78fa

              SHA1

              20ee35a370cdd3a8a7d04b506410300fd0a6a864

              SHA256

              9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

              SHA512

              d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\dnserror[1]
              Filesize

              1KB

              MD5

              73c70b34b5f8f158d38a94b9d7766515

              SHA1

              e9eaa065bd6585a1b176e13615fd7e6ef96230a9

              SHA256

              3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

              SHA512

              927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\CabA3B1.tmp
              Filesize

              68KB

              MD5

              29f65ba8e88c063813cc50a4ea544e93

              SHA1

              05a7040d5c127e68c25d81cc51271ffb8bef3568

              SHA256

              1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

              SHA512

              e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\TarA455.tmp
              Filesize

              181KB

              MD5

              4ea6026cf93ec6338144661bf1202cd1

              SHA1

              a1dec9044f750ad887935a01430bf49322fbdcb7

              SHA256

              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

              SHA512

              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\~DFF18FCD61A94F8261.TMP
              Filesize

              16KB

              MD5

              5521b1876ce1538159ae3474aa6932e3

              SHA1

              1785466b1b6b32b81aabe801daad1c8d7036e3c9

              SHA256

              a42b4cae04ba045f935d504be9159902b72a5a956b035323806f58bec8aca420

              SHA512

              39156797ea9bd24c736d18d51c47df90245607ee3a4b49f0cda23c3e8ea27971f28ac1d0e1f24396eaccfac6a76735346f491b00b806dbe0bc8de4a3dcc69145

              Download Submit
            • memory/2424-6-0x0000000000540000-0x0000000000542000-memory.dmp
              Filesize

              8KB

              Download
            • memory/2424-1-0x0000000000240000-0x0000000000241000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2424-2-0x0000000000390000-0x00000000003AB000-memory.dmp
              Filesize

              108KB

              Download
            • memory/2424-0-0x0000000000400000-0x00000000004B2000-memory.dmp
              Filesize

              712KB

              Download