Overview

overview

10

Static

static

3

a0860248d6...18.exe

windows7-x64

10

a0860248d6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2024 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0860248d6e467de04b2865fd3c3c431_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    a0860248d6e467de04b2865fd3c3c431

  • SHA1

    49ba1efab294ff2e13e9805d9b594cde81b0c246

  • SHA256

    ab4ba4684df7a4d2b7817ab095cff5d25ce07f969a926bf00e7f8f928812b2f0

  • SHA512

    292d5d38abdeb35bf09375f6754c1122ef452e517067bcb7d5c10dccc6c119e40f13a517c36599348d458abe037953c098b01854db1ecf39c9c1080bfdda8b98

  • SSDEEP

    3072:96ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Edp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0860248d6e467de04b2865fd3c3c431_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a0860248d6e467de04b2865fd3c3c431_JaffaCakes118.exe"
    1⤵
      PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2784
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2428

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8b5e2aee4e59c5a41b2a59d1263d787a

      SHA1

      f131efba013698586e05e03203fe2c38e6689293

      SHA256

      b6938d2afd58695c781238de7873394ccbe4c8a5bfc6bdcbcc8427477a026500

      SHA512

      7ba94c8a39c65ccc7f7316de17b14f5f66f46f2f014e708db1961b81341a1b2768ed5b82076f937128b647c3687b190ecd94a11fddc2a04c5076b3ed15c84272

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      605439dd92ada55a64a55e982ea93f91

      SHA1

      8bc321e62604e88e10e4b6076dc73425f8810fba

      SHA256

      297d6e31a4222b1b0300c8979f12fb7842532f7a7831ee2ef11d5fc11c5dd301

      SHA512

      c42e6c3b0041bdd04d9eb79891506cb3760193631f59c09a4cb10dc4f400f1d88874cba71f8dab6d6830760f41022239ca2182a324593662c9081840b2b147ca

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b01a285e12fcec56503d6058fdca4fb2

      SHA1

      b6d8f0fb4ae8236770dcfb673da0011d959c3eeb

      SHA256

      1a6cc73f77217d8d46d9fea5dde4764f6ebf8b55189ee914e6fecf1db428a0de

      SHA512

      6fe6eed09fe57b5dd9f97df1510dfd80c355154d8bfe2e34cb4f67a03ed6e5dca3f1c7a7c4adfbe1a7dab8210e99907c61ce30b0a635d79c8b0b910979a12b95

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81de9bc1a7c63f8c0299aee8f1c3334f

      SHA1

      ca528a27be5fe87cadc440661bf921184ed625a0

      SHA256

      a9d0555759df903d684f5bb5b266f7e2b3b1aafb8ebd0a3bf2eefbe19e9496f5

      SHA512

      b424e9d0829e2e8c44caa9d279dcd63b716363688a687a52dd860cf9c06d12b0cb1114dfa8f7967d3fe198229ce074be0414b117a7fc715c5b8b41ad3b95b93a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2d66a63a538b4a1552d457f4fa17f56

      SHA1

      5636ba52c41ce9e75348a57719e85c135fcfb706

      SHA256

      7dfd722ef8260259db6ab6968f7a626b9687f21769ad687af429240af76e1f6f

      SHA512

      24ee622d4b48cc2bd73c585771fea6fc03dc075ac1812bbc125627175fd6f605cebb40aa047dbf37919d40589f0f3ff71ddfff64ad72bb2d746715e83f58e204

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9dad85976b98ef7f66e814bec2cae14c

      SHA1

      84df1fb7f03ee271fda83638632a599a5d4f91cb

      SHA256

      54ec8a9fee53491a7bba6fc9b15ac5fe7a93ec2cd70a5591203fe2950c4169ad

      SHA512

      92849ab607ef71e0535c199dc00009d7176d3b1dad755f261109773dc3d7b72dccb65673ca59cf3270e4e4c154aa341db48266e8506cfa5535a4894c3c75834b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ed07e4f26d0ff4abf74e419076ef4b5

      SHA1

      7b74bd96cf74e679368b9dc5eaddb326b73355d6

      SHA256

      32e56f2d799cec914ba5db924fed211dfa40acc354177a26ef2e64928088c1f4

      SHA512

      f545c304cecaad377a5bf2e20f982550d4753bc55cfa5550d3af862ea90aa64e745101532ca295f7dd7b11bae8c5b27681233bc61c0d1e30e45c3129f98a767f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c601a18dda85f6f557f65a476a2ada3

      SHA1

      dffeca6fc88bff61e43577f18f1af12765a6278a

      SHA256

      11343d7f3e2909ec77fb1dca61d2e7a3b1e76e6318fd37f765a63d8fe0c20465

      SHA512

      28c803ad3e6909bd0e02411091e51131111a53cc841e58f752b3b9d0d9c45287e6efe6d5988dbd2456101637e166c73de2cf317e97a22a5a8f7e35b47a754244

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab2407.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar24F4.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFD358E6A21736C472.TMP
      Filesize

      16KB

      MD5

      50f124ddb1667eb89585594b2ea285d8

      SHA1

      7f93f006fb360194151ccff56dfc76faaae936ae

      SHA256

      b0437f1376470e06f67c72e30a9446624a013d420912a5ce2f4b67a4f6dd77d6

      SHA512

      99d872ec46b41c7f17fafcf253d29b2be84765a7ab531bcea1398232808606002bc13e828275ad77a1084de19197e37d65ca3e619e4dcaa34d50c960225d4823

      Download Submit
    • memory/2188-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-8-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2188-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2188-255-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-1-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download