Overview

overview

10

Static

static

3

9a2c97539b...18.exe

windows7-x64

10

9a2c97539b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06-06-2024 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a2c97539bf1eeadd6dc80a37d4f7e69_JaffaCakes118.exe

  • Size

    376KB

  • MD5

    9a2c97539bf1eeadd6dc80a37d4f7e69

  • SHA1

    a09de9f9ff3735b305d2b3fe3aae69727b02a1c0

  • SHA256

    6c1798d875cc088bb42859f1eb8ed15220ec07e1e45658083f65bd466bd65ca9

  • SHA512

    8f6b15065d6ef7f7f3af46a54a0f0c1eb4276a37e862ad5e6f8250407e1d6a2a355bfb787c37afeed0baaeca01138bd5e1f9ba9bae13e4a930dff6f53a5f8227

  • SSDEEP

    6144:tFqTpMmb37r+TiZNAqMRQzRZZxKxMFihFAziYQuLNMEC:t0NDmoNAF0RZZxKGIFAziYQuLN

Score
10/10
gozi3193bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3193

C2

fy76qn.email

dst1894.com

w40shailie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a2c97539bf1eeadd6dc80a37d4f7e69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9a2c97539bf1eeadd6dc80a37d4f7e69_JaffaCakes118.exe"
    1⤵
      PID:2208
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2684
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1692
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2780
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:360

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ae08eb5eae2b41af2c63b72af46badd9

      SHA1

      b8db6412e9c97871a0d4d4633920831990ef1906

      SHA256

      05080b0b852229bddb7841df4c4c70518e18dc1ac133a35468918a29b3c0752a

      SHA512

      1dfa95a41ed8c90e8df6921561f517925cb614d4f7434233b5ed2f041d15f58ce2b250631b3fa33728fe5d98d0bd8c3536cce9a808fe534b951153cca80df1fb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4af6a5edf9035bccf756739d14729714

      SHA1

      543ae09e7d93d36917e4f4ba2419f0b6ae1fba60

      SHA256

      72229fa9583704845e66dfe18a9adf5942a811424a223d9874d812e98fa747ec

      SHA512

      0b306a2a60789f9e496b60425f18f1000c1574645ebcc8fd46532819e633139367044ca15e6311db82ddd2e24ec2b4d45ac20d34eb472d307e5d35d0707b4a70

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6eba3d3dca0b6d26335b77e044a355e6

      SHA1

      27283275a45587a1c472cc96ece4375804cea6ec

      SHA256

      17bf8516328f071592061fd11d2e0853aadb66d3fe3bcbc3d5b1fa96eb9763c2

      SHA512

      92ceb035e3310afb80ffa0b84cf10799fda16e4b4daef15f8b4943b61149497e098a8249024c583f99e80d1c884c6c3b0075276efb45d35c534046a07a59ba60

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b5fd1e2bdc17da4b572088111fd55851

      SHA1

      47b3ac2e74ff173cf0388841ce4254cb77529017

      SHA256

      2d2c1c63421c8d94173241fb9b7998138463c3d71765538efd0b341b2351f9b9

      SHA512

      895019111672af866a6e9abfd876776e7162e7b5ea3d88c2fc7b4868671da79740e61eabb46790f22aa63b75e4bd94d89bc3154fcee938816b23c02aaa477730

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cce12098e89d71faaec88b3ddd5cb272

      SHA1

      0952e8d62d447dc611026f609b5fb9e24655d7fe

      SHA256

      50187673daa7a21e091807c34538ea0ae3a0a3ff940177447e2ccdeb2dba85c8

      SHA512

      ee0943550a7d854e58420cd9dda9b4fc8755013574b5ce3782db1f834cf3465e03e293d91e53b4f2690e4ed2647b37b716aa16ce76b1f9fd84203894866488f5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      314e4ce729edb1ba2e37f26b4e4c25cd

      SHA1

      719921a289a43d3c3b3e956b4d8761c71f487ba5

      SHA256

      5436dec9b9027d0e8de418c0f4514b83852a2f315190fb8e8dea2d482861a06a

      SHA512

      dbd456174674ec8300cb07d0749512bfb107c08db2ceff24850d7f4135b3fdd48f76536f3763854165918c734e60e2f731770aa1c87ebda31ffe66aa877cf71f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      55700f785b68d5997626d9ad2116aec5

      SHA1

      0bf685d318e58c437cf10b17b489ddf5bc32078f

      SHA256

      045e2419f6302f0e40de8a5fffd1e9d10e1b39e55f98e148968d9d2eddd8adf9

      SHA512

      94557e9caa41bf297d7b1d8020d11f412020df04f04646cb58fb6ed27b1b9345b2ce943a239e086b53a32bd30af125b15d41d64211ac65474d9db159e2682898

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2e1970b6597549235d1b882f7b103b1f

      SHA1

      9b02ef8de31e2bb419160f8feef903a36d30f0f3

      SHA256

      7e02309d0e6be8827bbef158ab280d420790b2449040c8fcf659f60cecc1f713

      SHA512

      467f7bd5831fd4640bc38b6d9439445d94a664559738f2d11a30a9e0e19b0385db6dee34376aaac2f89120b397216936a1872a9dc3ce0c1461cd46b754d72ae2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3dd6fd3e289a201a7ce01f6e554399b3

      SHA1

      8f5ea7d2e73596704d59f1e6be74fa8381612a37

      SHA256

      85c28f666caad13e6c71427dc792f963350d0536e2a8da32d42b16b8746b8e93

      SHA512

      eadb5f36317ab12691f64e83223001ad9573fac8cfacf2395e754b678d6dcee10cf82533b1ab86ea3b872e0011a6719b28393023fb343e7d01b21d3f4778f0fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabC140.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarC221.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFE8F651DF797D5C9A.TMP
      Filesize

      16KB

      MD5

      d9b5765db9c37e9ddb3883f8275c7f62

      SHA1

      decdd922ec3ce1715fbfd2f6f74c6d9e65c3676d

      SHA256

      04ac8cb7d91b67f94c245cedd20df060962e0a8bb66425f80c39f29dfa1e5916

      SHA512

      1d42ebc911fa4f7b61b6422f819d6b323edfc9de7e562e2183ae547bcaf3f79711122cb704dfd304acbc21b54671ee70a10aba2813742df892f2ac7a7f9a3d5e

      Download Submit
    • memory/2208-0-0x0000000000030000-0x0000000000097000-memory.dmp
      Filesize

      412KB

      Download
    • memory/2208-6-0x0000000000370000-0x0000000000372000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2208-2-0x0000000000240000-0x000000000025B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2208-1-0x0000000000100000-0x0000000000101000-memory.dmp
      Filesize

      4KB

      Download