Overview

overview

10

Static

static

3

b43b783048...18.exe

windows7-x64

10

b43b783048...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b43b783048b6bfeade7dcbe657065bb6_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    b43b783048b6bfeade7dcbe657065bb6

  • SHA1

    e5447633a24642c0516b2b6a70ee771b5171e852

  • SHA256

    03d1f659e9b9956539149f0077d14bcaf235b133714534c2121134f59a7ddbac

  • SHA512

    2e1d81881dbfe83111590da94485e8811a3bc2cec533deedc924aaaec544a6e5141c760e900f65b561618288d9c12518e8aadf6d36334e62800904d88576debe

  • SSDEEP

    3072:97ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Pdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b43b783048b6bfeade7dcbe657065bb6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b43b783048b6bfeade7dcbe657065bb6_JaffaCakes118.exe"
    1⤵
      PID:2200
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2500
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2300
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1616
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1652

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7b362e7d85a2fb26e50b1dedabfa8ea

      SHA1

      94b9f1744e3597401cb51275f4fd3aec6b030f53

      SHA256

      0007f71fdaa6205a2212f2a3aef0024c19183460bc093808fd3f2fadacd119f3

      SHA512

      fb7553fffe330d902c3a8bbb85fa825a54d3ddbfc98f13d52b9cb99acb8faa260c72f4b43fb973b52639a29fcc24ba2df7d7b37503ea6773a7a42f4268e1a9d0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d43c6409a7a721f0469f81f59040b555

      SHA1

      ba898c33df27627808263e7a61f8fdea6baae9d1

      SHA256

      31b47c7a444977a1742d60ee42b2fc69207b67f2e1b3260ee047058f350a9fd2

      SHA512

      81ef78b97148180b3a105b13189087d87c97bc4cdbbd7fa0a9243d3b38b8a5ae4dca34c65dd9fd736dd36657a8bc22572f9542a5bf681fc27cafe932460fb839

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6905b6f19cc85d9632ab3ceba8a9e5b6

      SHA1

      10984c2bc7e332b59c2a4d728f2b5e90b765938b

      SHA256

      8615ac8afe310e0548e87b7d01a0ca3f26c67bcfc2b2262239c088612694a4d7

      SHA512

      33fbfd638d70b29a4ac32ffb80473f7ac4630def43b5d8398f3c86f8b63fbb315fa002bba8b8ab61c24042baef133b25eef388cef52274f4f4a072930a0be80d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c1d84c26fc9974e1ace8f38d078db3b

      SHA1

      b1eb4b6b0b18cb03e84210d375b18c1b5596f56d

      SHA256

      6e7045e9e8791d14ca1d312266fc3a89ed0dc58828d42c847139b0ae33790640

      SHA512

      b4fd89b46151c840cee6e63b6f64a4cc03fd96436ab9ccb6e095ddb344f51f370b843285e8c706aae94b6ff1cb4fcce5a65a121f6883a288bdc2183730fb98d5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      562630a0370c437b76ccf41235da205d

      SHA1

      b34bfeb44d0a5c4058a411f300ad7e4501df1aa2

      SHA256

      9c9ed1afe19e317b7b8af3c9a9d31311f80fcd7ecea1d5438a717febf5b422d9

      SHA512

      8c1da5200c4fde80eb62c345206e3e9fc0df94f27ec75bb5bdc0852bf252d3fb27b40dda36207cdf57528fa1714292157188bf349b7c1d75d00c7e6ca51b458c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a9fc61c6df21384e636c012a600c428

      SHA1

      1d4d62ad717c8884e956e8a3366d6e0290df73cc

      SHA256

      5995bbbd297622c07f340be91dbfa4186c7cf28b478aed999a7d13ef43f22e7e

      SHA512

      4b8b748a0fcbb9d0c52c24c1e3a7180c00b7d46d9d0e0e39268f88a0565ec1e77fd0ada53ca3c16e183eaefa3baf954603e76d501120bcc0091f46cedefd281e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac60254521ab97f6c0da7f204440861b

      SHA1

      b0627dbd86b226ef2b2b66589279a152c8c9cff3

      SHA256

      309884eeb2e4ed9beb56a38b2f6d04b227fa585f23d092b7b3fba394fba2494f

      SHA512

      76c3e0a3e21b7e991e5abde32611e538ccdc3d13731a0027516000cf04a101cd6b3203a10caf208298cc820575837922f54367b96573a19d97ea6cb52db63845

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f5953cf269e71762573d8352f893c865

      SHA1

      fc9b4b3f29aa268084689b21948ecfb4653ee14d

      SHA256

      40db8e959c127465e480cda9ecbf973abaa4a3258bb2a88854dd6c55bdfdb006

      SHA512

      456498b3859c8bc44dc3286f9b2028b5844c512b8c25c009f0089163b3992658ff769a7b7f5f5205ce0668986a7e6c7df6dc99f75293abbb39fbd7db25b82d11

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dda60a16901a07c64b1376efd8ef2ac4

      SHA1

      7cea7a2435ae54f11f5dbb23d22652f4dfaf608c

      SHA256

      a34bf7cec4911ee4cc8d8c7fa1397ca6c46a8f7fed4350162cc24aa26d54451f

      SHA512

      c4b1665e88deb898be997db468bbac5352a6f8182ca142090a3760884ee49c739f9f6045b595e59edcaf93dcefce62ce4cfabc16886d296f36872e8b59a5f806

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabE14B.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarE21D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF088DB7C5247A7149.TMP
      Filesize

      16KB

      MD5

      72d88459674d8c1e82684076ba97ceda

      SHA1

      0781e2438e5a68fd2f4c33b19b4dbd47e513e792

      SHA256

      5ce8f989af68deb7dbfd5e98d4ec4fd989ecf6bdb21a9ab692526461df079b11

      SHA512

      ef68caf4f1c3114d38e4c1a821bb10f4320fe8ebb3f072dbd48b36ffe1d4f9794ac03b3f80a0db76c277e94ffa713404a3c147f452b3b7949470e3575602fdfa

      Download Submit
    • memory/2200-4-0x0000000000290000-0x00000000002AB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2200-172-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2200-8-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2200-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2200-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2200-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2200-1-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download