Overview

overview

10

Static

static

3

9b45107e63...18.exe

windows7-x64

10

9b45107e63...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2024 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b45107e63f8cf2b0d659eb22132200f_JaffaCakes118.exe

  • Size

    324KB

  • MD5

    9b45107e63f8cf2b0d659eb22132200f

  • SHA1

    0c5768c5e36ace606a0b95153c1da6ff89d2dea8

  • SHA256

    a3b9e1b3284b175bf1f7f199489bef78ebdca75618d2b66e1f99c298eb79132d

  • SHA512

    c5f35094791480cb05b374a1924adce3dc586f9b7ee3b7b44be7810949b209c8fc8d9143478580e7466ee4cb2d0ba4c30e5ae7298fb71c94c87ae17705ddfd1e

  • SSDEEP

    6144:MwWEGMHLDO8+IEsOCj+PlTUtEyor6rPPPMtMQKdv69J07uQ:MTEGmO8+IEsOo+dyn/j6J07

Score
10/10
gozi3423bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3423

C2

google.com

gmail.com

sizfjalenk51.com

v25brigittet.com

k23ueugeniay.com
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b45107e63f8cf2b0d659eb22132200f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9b45107e63f8cf2b0d659eb22132200f_JaffaCakes118.exe"
    1⤵
      PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2488
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1672
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2748
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      ba7a4cdc4badf446c0e16780654727eb

      SHA1

      97cf979906dc61b2132da670649c409b05b77396

      SHA256

      14c33aa7c11dae698bd78ea6e23ca7c06b5bcfb51327093cb1bf356cea46877c

      SHA512

      21d3340137c16202e62b51779b12b3e98ffbd4ccc921bd862a7ad043adfc28346ed79b6e5ae800617019c23eeb61876d8ba811212091b02957b331b01b5b1768

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a19e7a1d5744f2c4d5f7a21472f7e30a

      SHA1

      2fb8b8911479e9c6beb9d60eb6cd094e7c6c33b3

      SHA256

      84ea8e9ab90b480202f66db247c4fe401bac0b9750d9af04bcb40b388def1457

      SHA512

      74605ee670dbc297f6a6899320ce8c50ab93aa16b0eab0194b84fbc6812e5ea7f32c3ba17b5a11fe8a4992abe0075c0de3f35bcf78013c9d09c5185f05e12a97

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c49698c53a5bfd42b7345053ba05e7aa

      SHA1

      74544f10496ef290f0a4a0b89b293a1fbd98f26f

      SHA256

      3d71b02c5a3165f4ab3def74469e1a8d19d5b99adbdecbf04bae336f201bd740

      SHA512

      e1384c5c8ca384fab2e9a8c65fbeef642dbe11a6dd0bc4d549b5e1048526d302e88e516b11c77ebe8ae2e6db4a12781e5d45b457d1a7777bc7874a1ebce7259f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e532b08ced94775afb6de32af56f6f77

      SHA1

      e293d8f4e1bf0d6147afd02408d6d88916f14601

      SHA256

      36d271fd2667df75d4fd84be5a5969e54872c66059922d6c7fbb7a832f6f1bb6

      SHA512

      8080fb92e5c48f71c66edc2d1e3f641858bc1fa606947d442777dbb5be411c0ae4d9008111ca9f6540f6549cd786a01d8b3a2a4bff15914551b971c3693e67a5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      03f9ac1a28153d2bbc03f09aeee7cea6

      SHA1

      ce05ebf01238b094bf7bd530c019813abd74cfbd

      SHA256

      0e416eb38a75cd8dbadc1aa59598970fe49a0a5c96b3f61c253bbce4bf0b495a

      SHA512

      0f5c0c38493cea54f56fb515357b787ee05ee6c07760542499916c6d715e6be779320cfe78d4a3c3f44602eb4f0f26f665a24db80f6fcc4730d9914a1550f8f3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80e0b4990de60f2342cdd7ecb70cf8b4

      SHA1

      e86e2f66fa48efb2d9160cdfdbeedef8bbae3a62

      SHA256

      01acda5bc70c90794dbb716a0a06128236c4d6a3420c6324f799feb65b2ff171

      SHA512

      515127b20f2c58e35bc6e871b49fa2a3467edab190e36b4214f18fc234d3180a98541d50a510e33764f79c25740fed8632735c2470dc26855f7d69d35db19138

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dfecdeb5fef4def7be67e45dbd913936

      SHA1

      f1ef9be173768a6ad61a079eb5a2d767c1aa0720

      SHA256

      7a00613e8bcde024020ff70b2ab5c697c8fcec9fc28e2fda1f7010647e08a002

      SHA512

      d347ba0d743cfbf53c7e7263346cc7242a3df19e5675ef161b87cbf8d5e547a08ac5b573855b988b361fc93fa8adb5b192873cb641503e42e97a3feb22d5e7a0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a92fc580741830927b620bca1da9ea0b

      SHA1

      1ac2085ae2a3c0444543e0cc08a4baf34996100a

      SHA256

      a103c2c44437fd9e3a0a8773a251c90f769a847b1d6f492347f9b2ade5f76965

      SHA512

      39a42afce73570f8afe1cbbba2740838b26cbf2e6735a1be134da351edd21337e4565721ae20cbb4d7e060536ccddaaedeedcc03bace98af4748d3f65ddd0bcb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      00e8d777efc47faceae4aa77f7825582

      SHA1

      5494e4f20d4372628e0b9e14c1b3b65afa296236

      SHA256

      1938c9e531fe013f4ecd1658fa9e1c5e8853ab62236ebb95aa170b37187eeb1b

      SHA512

      b394e909eb496cf39cc66312f73be086b92dddcb35a32b6e7b8679afa5d5c372d3b1baf60258c0485c056d075db1409bf7530d3575188fd6c50f8e36822fbe29

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      550d1c18a39292670508ebb2c92185e7

      SHA1

      1f836f33c1bd72f06df617236b4d7df3a64f0fab

      SHA256

      33057d18ed744e3eb3a133ab662cc50562025400513be8a76bc41e21c812f1c4

      SHA512

      95401115e02a0f6d0ee72bff634aa56726fde36344827b46fd1c08c7d87ccc757fe01bdcd1876c5c2c12fe7ecd3f388746115c4a6c862450c4aac9bb6a57aa68

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      08b7d15bd0943524971a3c7432c80ca2

      SHA1

      8cb385ca692379df64ff00330ac208741ed7a08c

      SHA256

      28f966f878b763d7aa162db2983a2481fd5905f44896e9fe0da853928842adb4

      SHA512

      5e3fc23f7c7f2ab3e9fd8a2fb0c323408c91314c4a7a001446283d747bc55f313ee509eb8cd58a927c00a161f33d6a91b7ba4c88a249895f4716d657b1bb3e2b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1X39SKR\robot[1].png
      Filesize

      6KB

      MD5

      4c9acf280b47cef7def3fc91a34c7ffe

      SHA1

      c32bb847daf52117ab93b723d7c57d8b1e75d36b

      SHA256

      5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

      SHA512

      369d5888e0d19b46cb998ea166d421f98703aec7d82a02dc7ae10409aec253a7ce099d208500b4e39779526219301c66c2fd59fe92170b324e70cf63ce2b429c

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBY9C54Q\googlelogo_color_150x54dp[1].png
      Filesize

      3KB

      MD5

      9d73b3aa30bce9d8f166de5178ae4338

      SHA1

      d0cbc46850d8ed54625a3b2b01a2c31f37977e75

      SHA256

      dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

      SHA512

      8e55d1677cdbfe9db6700840041c815329a57df69e303adc1f994757c64100fe4a3a17e86ef4613f4243e29014517234debfbcee58dab9fc56c81dd147fdc058

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9E72.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA01C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF5A185E13EE1BA36F.TMP
      Filesize

      16KB

      MD5

      df1ad7702e498db8848294961dbc3f43

      SHA1

      10120e81a8c2046b0d9bc468bb7cb811834db1f9

      SHA256

      fe0cc2ba81651916cec1cf6926782170be05dd43db5b58ae6db9dc4185884912

      SHA512

      23b505919037deeb786b3a43e6d92a1b7a959becc5f8770102902717226f194649f1a936f83217368d70f472e7ba22d66056d56d999f6367ea03dd7efd3734c0

      Download Submit
    • memory/2356-9-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2356-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2356-2-0x0000000000240000-0x000000000024F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2356-0-0x0000000000400000-0x000000000045D000-memory.dmp
      Filesize

      372KB

      Download