Overview

overview

10

Static

static

3

JaffaCakes...f8.dll

windows7-x64

10

JaffaCakes...f8.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    03/03/2025, 02:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4426ec8e6bcb568fc8ab4d84ab2ec3f8.dll

  • Size

    69KB

  • MD5

    4426ec8e6bcb568fc8ab4d84ab2ec3f8

  • SHA1

    0dc39524f41f928e06e5a3931ad8d45231e9cb8f

  • SHA256

    482e0d297f6900be8e0146384d61537ad6bc63e2ab94bd8a199ed769159e0abc

  • SHA512

    1cc52ef5388e5a2686a0f6ad221ee2812c248842e6f8cae84c0ea1295416232adf9c0778cd862f4756cd39465209b23ea511336dedff6bd8fc7cc0201a706120

  • SSDEEP

    1536:tm+yeA6LmpLHe2Aj6xCt/GxMH/J7hTHfHBZxvmIYMIbCntT/:t6emeFj3pRVr/xvVY7beZ

Score
10/10
gozibankerdiscoverytrojan

Malware Config

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4426ec8e6bcb568fc8ab4d84ab2ec3f8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4426ec8e6bcb568fc8ab4d84ab2ec3f8.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2116-0-0x0000000000810000-0x0000000000926000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2116-1-0x0000000000210000-0x0000000000221000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2116-2-0x0000000000810000-0x0000000000826000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2116-5-0x0000000000810000-0x0000000000826000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2116-4-0x0000000000810000-0x0000000000826000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2116-3-0x0000000000810000-0x0000000000826000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2116-6-0x0000000000810000-0x0000000000826000-memory.dmp

    Filesize

    88KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.