Overview

overview

10

Static

static

3

a7ca7815d0...18.exe

windows7-x64

10

a7ca7815d0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7ca7815d041f1e3737f96f0ecfb6980_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    a7ca7815d041f1e3737f96f0ecfb6980

  • SHA1

    77f0ded9c76cead081901ad554e3b9bd324d8470

  • SHA256

    7cd06d85c60c1584e6f9eba36a20760dac2e162015f4769235276b63583bb330

  • SHA512

    e425d5fa43b588df25bad0fcf655bcc30a42de7958cf524910f394a402b4e1ad6964da9effcec28b7f0876d119be07175d7303353cf9deaf7587622513222866

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0c2L6BWnqR+yV:BHXDy1qVvZnOe/HEyo7WGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7ca7815d041f1e3737f96f0ecfb6980_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7ca7815d041f1e3737f96f0ecfb6980_JaffaCakes118.exe"
    1⤵
      PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2828

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac83dbd6e8bf020cc056a743b971a39a

      SHA1

      834613337c4aa6b0c12ce92470ab1d8fe0b8c28b

      SHA256

      e3636647fdf5620ef3f677e229fd4fcebe6f62995054bd6278054cea3ff0a625

      SHA512

      cc59345d479f8de95f485bd8600cbeac5b479238655f101b1015f5adc5fa90adfd21cf090d32d6aaef573a029615e504375099354d3b0c7bb9581c8f4a6222e7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6cc38e8b0107096df56ba8325a1d9370

      SHA1

      d91675c12e36f63ff468684670aad8a337010ea2

      SHA256

      be7afda271f6df705b4e3c77c0c95c42ce528c9a2ff97df6608075445be7ab72

      SHA512

      5ae4170b0dee47662bfab2141c1deea2b9a9fd32b3747253cd8a21ac3e4381c6f95500fb229690507c1ad2a20f57151ce6c541791a6936f07a5160975df4ffb1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9801a08c235fc4d99e04463a2b230cfd

      SHA1

      533cdd9a80f71f310c09b29066505661ca7326db

      SHA256

      d70207e3d9e9be3e4700544b7e939fa3b4d9bb195356070a5b9c73feb64dd988

      SHA512

      444348c6f117147f770da36ed5614955f989d912b923b92de10c06aef22b0c9382fd1c56a6733479ccdc0d139ee1fd99247e548f187888b8630c773934477aaa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ac6a7d16073493d228a5065cde76029

      SHA1

      d5190cd2addc699270b5b75b298b33795c90db4f

      SHA256

      c199904964d31dde4061fc21066099d32e2b7fd78804ccf2714e97f7a65ab3ad

      SHA512

      c70f870d534faf778977fe964f0ec6f05db093d8523115afbdf27719c515d92246d288966759cdb4cbd5ae3923b9cad486b8b9d1fa0296171b0263d98f9d3a42

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3ba91e0ec458a6dd32bcdfab109833c0

      SHA1

      6303e843fb590dbd4c0ff4d04158f0ec9083655d

      SHA256

      de54c67dc747fc898a7633d091af74a7a3811cc076f5edd1d0470248c7e965a3

      SHA512

      1c95fb89e912cfcbea7c5122179f639758b868f6f8a5c90b5a588bd35b4ca007c4fbbc44fca673b41286351c05607884b9bc7d5cec7ba35fd86be925d93b562c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6e23131ad91dce47808f0cc7c489b813

      SHA1

      a04bbcb3cedb536e3a727312b475fb97ecb09fef

      SHA256

      6dc3d76ad7a99a65dd28d90bb8f034aa7dee704ec30b9cf657f51a10cdcdedea

      SHA512

      63f57e74808a5d7008d2a16306a6be997abfa7302a871423d8cf7d1e99c5d97ac47c6297237bb201a9d3d36e792cd2c20746093314ec85fda5e9a88ff148d101

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bdb9f2cebeca57ce19c8570c5e90ee6a

      SHA1

      07a3feb2c46a7a2e658184303ecde32623a8387d

      SHA256

      484b8481666edfb75609b664458ff0c2e2aa3d2f70a447d4a16a292d45997971

      SHA512

      4ab4d2efcf33d8cd7b2e7660f3745091534b74401d15693882a15690ffb462b5ba4b836c93343a7584b83b057f1119a055ffba5080cc9acbd0ba94fb4d2283c4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      429726564ef05c428fc51cd598f63fb7

      SHA1

      3122ae10124c73d803430f2ea841558dc3d27ae0

      SHA256

      e16ea99b5da6dc8e48dc1b620cb88a9109f6a26d9236dc3baa955b726a6f2f6d

      SHA512

      075c18799b908cfca16d2a6b873175ad59284f2091158697a0187aace0658cee3a5e50119d6dcd941a5a15f5d7df695396d52a1d0fd84dd38f0ed5ad8020b47b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      723ac8cd96f9380fa09130e3f7b6df57

      SHA1

      04f2da39bc7ca0044c4b28cc3e68f18b43c25bfa

      SHA256

      4028228b2960d36e5aebc257bade9e547aa17711943a3f98a3c4dc6dbf0c2987

      SHA512

      b7cc716cf7af2150586a32cae529b26ff0013c8abbeff4af94215d91fd560238efec8b5ad770eee682d370a66e0f287d857c84f74be2394e5323c5b73aa2e1fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA8A1.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA97E.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA9A2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2356-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

      Download
    • memory/2356-6-0x0000000000370000-0x0000000000372000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2356-2-0x0000000000300000-0x000000000031B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2356-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download