Overview

overview

10

Static

static

3

9d6dc9c936...18.exe

windows7-x64

10

9d6dc9c936...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-06-2024 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d6dc9c936594390a965943da28e5bf4_JaffaCakes118.exe

  • Size

    239KB

  • MD5

    9d6dc9c936594390a965943da28e5bf4

  • SHA1

    d6cdaa9b652de90f353ab63bb39de74024007e63

  • SHA256

    10bb327826096da6dc25892df7158eaa359ca40fecc45eb147524b87ad506a11

  • SHA512

    0ea6eacd5358b4fcb78d391b23ca0f5f16123c63b68011287ba09e2721a83d5670570b6a05f10bc44bddf9c5791d5ad8869a213d3eb03a4f0935f073aee30868

  • SSDEEP

    6144:nCm2RYdkZFx0pOF4/1nT5tvjjnFJuFUnnjiGfu6m:CwdktQ/B/3koGGBm

Score
10/10
gozi3474bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3474

C2

google.com

gmail.com

q982yeq23.xyz

t7763jykqeiy.com

hjruu.com
Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d6dc9c936594390a965943da28e5bf4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9d6dc9c936594390a965943da28e5bf4_JaffaCakes118.exe"
    1⤵
      PID:2864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2480
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2412
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f4a782465327ed5ecbc8b36417daee8

      SHA1

      a5db216ad9a9d1f95035bddc4065b1ca6c29636e

      SHA256

      79b7539d9073453515d166f4dd8eef666b358ea040387669f401144f79b90934

      SHA512

      adf69a7b1f43170441d7d07928c9b0b170166b2ccfdb5a4897bbfb011e0b8341d9d4c4c20e1c41be1cfe9a0b0abec06371ec887bd0b40b9bca78a62d7f57557c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a6bd88b667d5c372100c208046afdef4

      SHA1

      285dfc2ae10bdd6927870a5a48f867d371e4d38b

      SHA256

      4c9850595f1c44fb76d67cd10bd0e658a29d3e9c16f857e43f30719f3deac38b

      SHA512

      0888748e97f92136e646c15ba6e75f8cf0a715437e1e534218f7afaae08cb9d58f0d7db7488ba91b9a7de3dc6d2116d428984fea71060913fe060d63e5a3dc80

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      89a7ec30af786c3d01f16406b531a5b1

      SHA1

      5e83bdb9e9fc3f2ab9a7cf5341e5b6c4f0818f21

      SHA256

      790ea7efd86e6cfe314b2cda5cf4dc509a15d4444b95232d167d8adb37d5b849

      SHA512

      7b1b15fa1b60ce567969df5f0c330aefa81ab05ef69cc93ac26dfd4490164a2284e388f9d342e458bcc53996533bd68e1e93175168809c3d9775df805b9c2641

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      264852a0b8f64f4a8036d6d1e9c18dc0

      SHA1

      b95e17786ee12847f7df11ae098bc7c600093851

      SHA256

      a1b701a5ac1b1d5c358be354436c20148a6e519aafaab059beccfdfe6d070d5e

      SHA512

      d74dc16d4de462417e69cec05ccd89ffd3037910f48109251e8e42aecc548a569000c9edf30c39a41af2c698e3cdc60a454327b3bbf4383a4c71dc9b6311362a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e1cea862b48965c41d8cdcbe8e036695

      SHA1

      c78bb531b39f5b9f5d5fdc5e0da2c3b78e996889

      SHA256

      abc049477f59104be6bf66e76f2481b0c9f18f135c529d02aad4ad99f051deb7

      SHA512

      85f4354645bce42a0ea1f0720a64d7e894bfbb8d188f53e4f0b29b773fa21f62d882e59ec82b09ff0a73270c1668ace988331a7d36555e99ccec7a941838c92a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc0c4eb304ab63c6556eafea911e201d

      SHA1

      3214493441083af3b76f0c5cd40bd3e66d7d3904

      SHA256

      4cff22b7f45577bccceb1d82b37b8285bac4f1738d719c767f9a7b898f9f36bf

      SHA512

      d9a5a5b0ba038e6b07951ff5906920861b23286112b0688f20974c6b46a882af8d15b6fb68569b49a817f4aaa448174af361d4cd12df21a5ef86d415cdf2bbcb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a2606bf7354a432955a993db46925638

      SHA1

      c17f274273d1d79c0ae677777d2a6472290c5758

      SHA256

      056903f770edd34e0b551078a33db51f315c93056bf2743c49bcb1a60ab987ad

      SHA512

      2dac8f81a945aa4ea7116abda16773286b42d32a6c812270d4e315647a27c47978d990bb97c563d5e1b9a5b287a14b44371bbc41af5f7cc289db187fc6692a90

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fe7a8d2751789288f582a1b3e5333e31

      SHA1

      524a36e0bf4aeef08ffe12e30cac296a85bcade2

      SHA256

      8a89d5b53df1f4cb4e8284f7f0035e2cd29a1ef077beba11e21eff0cdc09c50c

      SHA512

      a3b64df177cee83091c688ced16e5f82ae638de6744305c3e3926645841f4d2997e4744819599fafb2638dcd768d2eb04e79384033c4d26bf3dfed6879143b93

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA99B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarAAAB.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFEA2256A999DDBB14.TMP
      Filesize

      16KB

      MD5

      2a3ed139225d3f03772282139df960da

      SHA1

      033c41eeeec43fba186b86629d66c725f3459854

      SHA256

      79099ed0b42149b034889d4e530110f7105240f25d45100af4aa018ee2a4340c

      SHA512

      26c9c3940dc52285f13a61c4fdf41d5a9eaa47f9f6dad2814f886031fd5ce8a0d4974e54b24bca9ce2a9a08109405bf3e3df3d28923e7868b4e6c2c019319c44

      Download Submit
    • memory/2864-9-0x0000000000130000-0x0000000000132000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2864-2-0x0000000000100000-0x000000000010F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2864-1-0x00000000000E0000-0x00000000000E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2864-0-0x0000000000F30000-0x0000000001036000-memory.dmp
      Filesize

      1.0MB

      Download