Overview

overview

10

Static

static

9

ec3209c719...18.exe

windows7-x64

10

ec3209c719...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 21:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec3209c719072a0c85b4d96c4692c0cf_JaffaCakes118.exe

  • Size

    908KB

  • MD5

    ec3209c719072a0c85b4d96c4692c0cf

  • SHA1

    c3f7b22daf36569e81ba5559aec78f232650f4d4

  • SHA256

    dfc88ee8753cfbd52a3dc608c16441e06ca1631f8e8369a891534e3a84bd1977

  • SHA512

    9c4db8dae5edb64761f54f33c43b134d444f437be27cdb73ea55f2c455efa9747590960d057189bf458bb82a84aaffc23872aa7d935a84ee7787dc53edd0cb33

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankerdiscoveryrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec3209c719072a0c85b4d96c4692c0cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ec3209c719072a0c85b4d96c4692c0cf_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:584
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2184
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:209933 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6243277c17f09041923ae206e0c4a7f0

    SHA1

    434b3a4a361e95026444e6c5d378bbd7832bd7ad

    SHA256

    91d3c17c37760ededb0f2e2e6b97d12a551f8d1667ee11e0ac90f0b1ffc449e1

    SHA512

    7bb3ed1b6c3ad091eee0d335820c103a067dca125e0e972adb64d13f89236260f54fc0e2d99c48b1cce6196a8e1b51521e6763f7a75eb5fc3f57c01ed7b3c7ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80ef559bce64bbfa7329912f97850275

    SHA1

    e16bd8da456f875b283bcf05ba72df9e24271953

    SHA256

    f1cf118e4561ed8c6e744e7bf0f05c87c69378ea664a9a200a5d1bb9ce000b21

    SHA512

    dd2775c2985d862309ce1c9a674aadc1c9cf43848376c7f8a8063485b608cdf83ce63d0bd4bf0948d9154d508abf87a02ff86003e7f18babc4990a322395ef86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    613f5995741ff4eed26f0d5f893a1b0a

    SHA1

    9f2445cd5faf5aeef90bd711c6ee665e372c1d73

    SHA256

    b0cc265d8be88bcfcee6b46e5e75349ad1697f3688acc8280601985d06df7de0

    SHA512

    ad381244f34a09165d4220006713335eb331ed2db534a762731814ffcce802bd6f24f3d29f1553ced71ca2280f72560369948fb43ad449252d39a66e6d23249c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    379b97e885e0f9ae26370bf6424ab490

    SHA1

    13adb0a31c82066977f5bb4eb661b641ba62716d

    SHA256

    f9ffc392c3dcf98547af56640d3a6667b07610cce259a27b496c0f87fbd50d8f

    SHA512

    c4a0ebb8da218c422ef06e2aff7aca8aede3f893e671163d69ccbe9f1e3a84dfdf8a22a578aafde9d137b26833ba7fba7f0038aa7069bc35084d45f80d2a0c28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18d1d7b5ea1b555bba36db246b6941a4

    SHA1

    613266fefa2b5e01798661a2f64be0455a129915

    SHA256

    84fde5cb1ca6ee9867a24aff7dc3aa4073a32a8e21bb11d578da0d1c9253a196

    SHA512

    d57be9af33042e2683df4889e9030238809dd1ca04718d8212a88da2943eb6a49498809f0ecd33ce7fde51973d2429b1dbbd5be73cc3971fddfd7860f805b29b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a2117134bda26aa2b8a1bc8408df172

    SHA1

    5eafd09f26cee31784998cf104b7ad7eba61b5e7

    SHA256

    8e347658d5a1de70f18b04767e9d330f4993b2c797af9ed8536bbd2a0f2587e4

    SHA512

    cf9cf6c26ebe44208a6d5f365db9fa97dd20e2bef9d00ed219bd468e8e9147e864a054d9bb98c52e3fa0ae901e4e7b64a4273789efdd9d81b4f1a8a43975a71c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e7590acf71691d2c62b7ed341afecd6

    SHA1

    e69b775b383664124571e862d2c8ec76437128b8

    SHA256

    5cf1bb2836f1029b0694550149db3dab64ae4d717a5ff8fb5adad6fdcdaf9eb7

    SHA512

    2ad5559eb1ed07a4a64dde02bef2f6edc463c863be01435264c5ea5a87490b532fcdc07d8ac148063c08061b384704f9ef58e45a227545a9f92d17b0c72bb573

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a78519c3cc8025067881b82824b8c57

    SHA1

    a747b65460109f3ff5d81bf96755c3dcf273d372

    SHA256

    8f7951820fbfcd51adba810bcaa480968ae17016f19227dbe8c5468337883b8c

    SHA512

    0796d58c7899eacf479e0e688d894212f897200b8f6a69b5432abc54d3726b2fd585e2c500ef1393219be480be7c5912afa467db380661b3c1c20deac9292243

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18d73f783e24dfa5194449d125d53557

    SHA1

    639597a920bfedd2fff50710a978637a5d3b1c34

    SHA256

    3aad0b81bfd10f384c9f2fc43cf9324f4599a3908c2858f4ce10873a9dd21079

    SHA512

    60702d33fda3456c0f2fa8a785a657f5b24e8ec69195d209b04670ff3edf0f3501982171724d7113248659625e254f9411080d9389a4b751c66874bda7b97f33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7ddcafaf1e19be807ff858891ef01b3

    SHA1

    580bf6b7e1e378f4db254806710e24e8b9509aa1

    SHA256

    801fa4b3872dda12adee2e078a7891ab74643360053c79a2c8ef504c58c95e58

    SHA512

    abeb61ef0e14d03fac8c77aaae95886c11955a85088a2271437915287a0c8b45685291a3559c0bef32fed0e27c56dd2114b6ba84bd6a4cd0ccdcb23d5c5eca50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfa0f34185e9f931bcdbea11cd6deaf6

    SHA1

    efb4709e88c5f4d6805f6c8546240ff587d4b1e1

    SHA256

    a2b5d8981cec24a01726ad6b9465ba240da5c05e1832cf9a8db045d40b080e27

    SHA512

    84eba69d1d00578ae164d9d06bb48837f3ca601527ccb8e89136e505547f23bea224a50f00c4563222b815e5e446013ab697b341774498e09d9e4819c20bf325

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    289a0837bf20b8d2761ad539ab5dfd5c

    SHA1

    f1b9d9c3f33e113598f9991e45db4c4fb6bafb0e

    SHA256

    b308331ce52b97350e2fa65d6c0dae02ee1c34a0149a186d2801dcafc81f38f6

    SHA512

    758d5702b86f2706ca4236094cd2ee6304bfb374905c671a8cd9a23a7c942db272fd04a1637a074495a6d89597717dfd1ec2f95eff90c69a89601123e36eaa9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c628653fa737c33c7c197848b0e4c455

    SHA1

    0518c8842c42cd64c1e5b1e60ca528943c86723e

    SHA256

    0f85052ea6f70935001d84e53ad674adf7189a3c916357965bf6aa73cf69840f

    SHA512

    be90994480df78298fea62d31685be12628c4f8e04a0cb2e16b13e6a700f6d2703d403f892774fb0bb27011015834cc1c1c4f7b5e5409e8a07f43d2a70ba6827

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9503dda6c6c6c4c4050efa6a7b61cef

    SHA1

    ecdfc0484e1f79fdb1891130ab10d7c872a24cb5

    SHA256

    d3847485e748ca64a987f34c8126f64d90752230bdb5a9925feddf5c829a792b

    SHA512

    cf7adc15241f46527524d3acbfeeca90807a7b429edffd47b8cf1fee7b84952373e010bfa873e119ddf03666dc598ffb9109bd8714b81c82c1afdc181f1d6f89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63cd68f3f0391baafb8dfef38790fc47

    SHA1

    4c8e6e35937f203b9701f78e465eb844b3ced4f5

    SHA256

    12af3f40512629582b79403c4def3bf84db3ec2e9714316b48c761c7742bba50

    SHA512

    1114c8494e6c477cac2642e845e9ca5dafb722956e362522ea0939e99657a5c436e90f35663c02379722c1d986ba38d466ce8705bdf9790e8c7f5bfee14aad02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22eb7f8403d36afbd5e851b0945486b8

    SHA1

    8bd930dd77a13b5c32268b3813fed32e88510834

    SHA256

    c5a617262f21705c5ae9d6de8648511e2b5ede937f69cd8b9b3b3f0cb128e290

    SHA512

    991dfcb453ad6263a7ea46295e318c63b75c7f109dcc1fd18352a89838c6bb5c7098ba108f48951d298b27c0be6263c41b06db03a3d132dd0278e3895302e5ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e25abbb497db6a556980dc4777a703b2

    SHA1

    dabc273e103b4bedd4b40d7ff1c7e6030bf2155a

    SHA256

    46fc8323600b58dd892b275289dfb09b2190e855df53aafc187f89da042ce7bc

    SHA512

    61dc0e70287f4575e3abea52af6dc4f3ef1abba8f8b44382d7a7ebdbfb3b39de2c2bf4ed6501d2eff7c57db97ebb22aba290372f092dbac22dc127eb6258b78f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94036259ee34a63f97e9a3172befe575

    SHA1

    6371fcad7c581f81ce1c68b1142752bf11476e7c

    SHA256

    456e56517aca2d99acb381b43be69f4e33197bce09719fc628421fe42d743ac0

    SHA512

    3d97d8b4719d8be1d68b37242ea19e083e80b0482fef5caddd2932a2b464a0a04bd36acabf40729450e5bb30306fc64a19d524a52bcbae434b2e2defde171331

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc1260330dd4901a51db847155b9ca44

    SHA1

    1630f609e79f4dde7751d52c38967836bd8e86c3

    SHA256

    18c339e5e40678dba688dfd684e687ded0a6f735619d566ac00db1da2eb7477a

    SHA512

    0233492990def5147cb1e43c505345089b73569707c780d4cfb56fe8a50023dc3ddcbe24deabcdad0b23b751ff5dcb0926a469223bb4fef7309a7302dcc5ee31

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\httpErrorPagesScripts[1]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQU8S4LJ\NewErrorPageTemplate[1]
    Filesize

    1KB

    MD5

    cdf81e591d9cbfb47a7f97a2bcdb70b9

    SHA1

    8f12010dfaacdecad77b70a3e781c707cf328496

    SHA256

    204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

    SHA512

    977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\dnserror[1]
    Filesize

    1KB

    MD5

    73c70b34b5f8f158d38a94b9d7766515

    SHA1

    e9eaa065bd6585a1b176e13615fd7e6ef96230a9

    SHA256

    3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

    SHA512

    927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE257.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE306.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFD65DD188525429BE.TMP
    Filesize

    16KB

    MD5

    dcd63c4e68b0d7d222e940ffd1c7de84

    SHA1

    7a3a556188fffb12a8d418520349c69d39f7a84f

    SHA256

    20a777d9aa9860d512478e8713c8ed7e816ef5ab05e11a1e76d29f263bb644bb

    SHA512

    48f826f7860169091e90e135359b2752013641b555449b5fb8d28ca3d54a93753490b54c0c3d1c5691752b99526fa3dff943a52e37516c57164217a8f870bc05

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
    Filesize

    3KB

    MD5

    88ff538b303ad83d4a1e60621a2ebba9

    SHA1

    2853be212860a288ec9a2e9e362b6cc7c368144b

    SHA256

    fc7a7fe0a8275bfe44422de00ed9f397d6ee1f5f90e866c75be9cc233455a3df

    SHA512

    69ecb0a071f11e7172f07a0d4075c0d23fceceb0999448da8a651e4985e4d01faa06f510c7678a69e543de1b77b5037a550cc25307b50cbc7fdd3bdb85f9f1a9

    Download Submit

  • memory/584-0-0x00000000003A0000-0x00000000003AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/584-2-0x00000000003C0000-0x00000000003D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/584-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/584-9-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/584-10-0x00000000004F0000-0x00000000004F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/584-1-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download