Overview

overview

10

Static

static

3

fac66c412f...18.exe

windows7-x64

10

fac66c412f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2024 19:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fac66c412fcb434ab33d4dccd7a03872_JaffaCakes118.exe

  • Size

    155KB

  • MD5

    fac66c412fcb434ab33d4dccd7a03872

  • SHA1

    a41170b576a2179acc793f27973e8d5e548ae38f

  • SHA256

    241673900247dbc698009cc08a8bff5c08b7b60a1c06ae358cf8e7cc678f34b5

  • SHA512

    46489c9d359419de4ab96ae5571e966e9dfbd2e29b1e70c291d33cd4610b41e6872a1357e0ef4615d13f35e1a89b0c3f3455931069a237be1ffa1c1c44281a0e

  • SSDEEP

    3072:4Wuk6BU7sniep/j4UswJiNsRI4EwR3WxUIuupD/KuXkwIEnUaTii5Qi37Gq:4WI2wiep/j/2sRI4E4Wx51hIlaMi37X

Score
10/10
gozi3492bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214098

Extracted

Family

gozi

Botnet

3492

C2

google.com

gmail.com

lsammietf53.com

p28u70webster.com

ploi7260m71.com
Attributes
  • build

    214098

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fac66c412fcb434ab33d4dccd7a03872_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fac66c412fcb434ab33d4dccd7a03872_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2148
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:1258501 /prefetch:2
      2⤵
        PID:1532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:348
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:348 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:788

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      91b050bacd9efb7f840e23cd1dd78820

      SHA1

      cbcd34e812620dd8a2fa776ebb52918c7027789f

      SHA256

      5fd2de32c97ab8dc42d384de6b306ccfb1112d4adab717786273f99e50adb5dc

      SHA512

      d9dacf44587edd53de375f201a7563b4571e714de51ba63196470c3c2acf979316f36a55dfe7850583c6630c18f07ce49ee6d55529e90ff30be9dc0439459238

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97498218aada714b076e680aca86d126

      SHA1

      1f4a788c1604e3545cf96227a6245896e19c6ad2

      SHA256

      a39f171371e8db155d612c30220a28b7b5fae42cfa368a64128bcd1b0183d73d

      SHA512

      8631f8a57e89124c35ce939eb17c323973140f734c53e6c9a892c6ecb844532ba570d93060b6885d71c3b86ed2420c5588fa71038ca82c07087c14038dd567a4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b66c34e8848032ecd97ac2d1936934b6

      SHA1

      1d8f37bb534ed624690494b884856d112606e1a0

      SHA256

      b5a3e61eaea3ef81f8c68637dd8b1b3f741440b1dfeaa9c463d5aaf6bdef5a3e

      SHA512

      57447c759918245a66fb3ae313a6c5dd26fb8611440c97f4304cd6966a001b440d68a7c01a74ccc1fbf8023135cc0abc86c8cdd22c6d63733e20843238bf1816

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f2b280dc70607517d0c60b93fe1453da

      SHA1

      50ecd8b7997cc8eede8c78a9de04d869d54c6805

      SHA256

      22ae29f1d84964b95f7100d3775b7ae307f518913ecb16acbe0179714e549f19

      SHA512

      5d70eaaf6de8dc4b45ad4e477b8fe122cc47db957a0adfced76ad442704339202ae8b497ae5f91da78685e544830b973a74a0d37f2acbc3545ba9e62811c7c30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e2e095fffdff86b231d7b42c8a10808

      SHA1

      028e22b8edd345c8acdf80d5b07da5680e0e18be

      SHA256

      22aac61ea36b79036404fa8130554a651b82c1348861e842fbecaa9eb6fdc0a1

      SHA512

      4033f0266851c09a1bf3a1b26feddb0933210fc06c4dc60ebf3627d6cb216521744091baf9c0c7697aaccc2de172b86033682716bdb7f3976f8fe8c92d220683

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f883e03f03fb544fb478c18a8a4a659

      SHA1

      3f5181bd3d1e92ed37778a6a2ecefab3f6fb1f61

      SHA256

      16af276201a10d8b0afdfb1c8e91086392476f407044d8ca456037cc39775572

      SHA512

      e08f8df52a5e0772c695f6b0495b546ac6b34fd6c33625fd4fe45ae0c8a45c733be6ae41fa959a3815aee0cbabe74b88ebf68873a297092506d86df2877c8e26

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0bac76e68e8f0ca64d6c22d20d62ebaf

      SHA1

      45033ae0914bfe0d314e69a743818bec9877764e

      SHA256

      e574c72015d6e9af416c96dab563910aabb868896cf881a270c2ad702bf72102

      SHA512

      f5c0d95e38667a37b2e36d1f6097e435f85cb265053f0de6956da4a14d650f5956ce93905907b3a3862536357281c937b70f00596b862d76a1dd6e27afbdeb80

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fdbb531201c334beb8760f6dfc1a374d

      SHA1

      5246fcfd661b195ad5e8a9072abac054a2efa7a5

      SHA256

      ec25b34242698635cee8de43f21addac9f6c56a26a9869999f052ba24825f415

      SHA512

      7fd75cf7aaf5f93b7e5f9e0e2258cf025c2d911a93a5222ec255f6f0893052b45a95f966a29cdd2a671c5b0d126aee061bd153572c2e89dcf77e49bae2fa1c84

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0cdfd9f0c09a919c35cfef914bce4c19

      SHA1

      c9b8e5ee0229c2aae5c0e38b58fbca65db709135

      SHA256

      e806ae0b315be8a6900b73059297561d2994dc06aa27828a008bc964852c550d

      SHA512

      23dff2867f1a0da94f9d4c97ee8272bf9e34ed364c911333e02725f7ec917d8cdbea8fce66ff2c82b75cbd4b57e4b83019a72acf70c06f98ddbb92fec50a513a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB6C4.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB725.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF62F19720D3FEC01E.TMP
      Filesize

      16KB

      MD5

      74807bc1cdaa711efd2633f13a22796b

      SHA1

      5bf61e6e40ee8dba329271c3f36f479e4e8f4d12

      SHA256

      c458e49e4a8484e381472eeceb33e1c9c262fd2d851770510aa226e23eaf51ca

      SHA512

      589eb45964fed1990e39c95cfae15b97df5fb76cd473fc7093567076df627ae11b1a64aa200413b338e014bce41a5bd818016fa53f36bd00700a8790f3f3e7aa

      Download Submit

    • memory/2148-0-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2148-11-0x0000000000540000-0x0000000000542000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2148-4-0x00000000002C0000-0x00000000002CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2148-1-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2148-2-0x0000000000428000-0x000000000042E000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2148-3-0x0000000000400000-0x0000000000537000-memory.dmp

      Filesize

      1.2MB

      Download