Overview

overview

10

Static

static

3

a71325aa63...18.exe

windows7-x64

10

a71325aa63...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13-06-2024 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a71325aa633a5fb5cad6f1f7c729ad7b_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    a71325aa633a5fb5cad6f1f7c729ad7b

  • SHA1

    12b5f7d2f5ccbabb87bd78fc6f6756643843524f

  • SHA256

    bb44df19cbc6ef5dfa99ef1f1d182b22b23f6224207c3aaf6c7b11eab1ae88fa

  • SHA512

    4e0c2e21a21f5be4b3a21cccfa1d0c2616aea3fb22a5d3d90bcfa3773b7b99fd3ead31b4d62f3190564fb643798e3f13a601f364dc4a8087ae99b042cd1653f3

  • SSDEEP

    6144:AVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:AVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a71325aa633a5fb5cad6f1f7c729ad7b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a71325aa633a5fb5cad6f1f7c729ad7b_JaffaCakes118.exe"
    1⤵
      PID:2948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2764

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      2ea1f032a7b16824c430c261077fd206

      SHA1

      36174a6abb2802c377bba7a19f78e8f3738f1684

      SHA256

      3a82809a7ba72a280c6562acce6970e961491ca8f913557e06b29a1a0a25be7c

      SHA512

      d2a5b869a36d65b6db72d769bf0773ebdb7a27b27180cdc732e1110e645040a09badd4aa1238152f9ad9bbd6912a9ef53a1223719a4dfc64ee7dc6f9226dc73c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31e811213596f35226ce3293ee05f4cc

      SHA1

      c60ee8b389e8b9b97b9ec8507db09a32e76a2365

      SHA256

      1638ac90cdec16e9b50fb431921bf53aba2d6c8c412bd68c51f4e16af7171cd4

      SHA512

      43f59f15d7ffb2376a0cd82e24f9293873411d9472babce115eb0bd63c0a5f6e274bf833fad2457931393a9727996a6de3ec70c78ca3ee1179a08d9d73ea0f13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      701e8345876d34ce48d75ed964727d33

      SHA1

      83e4899c492b8e8c8da186531995be579ad96b6c

      SHA256

      65889011bb5475cc8cd526bb839ae95a7b8ab2182809febf24205c28d67b528b

      SHA512

      6753d1b93b09f12a7281fbfe5b369ff4a950f5b0c421e2321a2f7166612cf45f75a92950cbed00e02e0dd467eba3bcca477e092bc780313c35c5af78c1f4a713

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df8f5d80577f2ec6958cc9f66d7f3bff

      SHA1

      efdd81e9880781e77b3989277d23bac9d6d7a9e6

      SHA256

      8be29692992a6e63ffd58a62ea55a183ce721e5bb037b5c57ebf1c6482c1f34c

      SHA512

      52611704134b715174c18262ce0bf4ce175f06632a595031b910cbb6ce07348c204568e3c5c68e0a09e40a004c3b6a6c6cd0248b71776ffc53b0749906be0f8a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      494da9402c91f3ca699a861fdc97d451

      SHA1

      fc00b3b66ccb17503964ac842af65247fb73f4cd

      SHA256

      eb9b010fcd247d1aa4d2503a74f79de62504e46038e60da9a0e7fc223ad51d15

      SHA512

      b0ac2fe4f2f703bf28e60454062c6b43d9af5136024288d73cc16f3523891b0f44ed74d153f9d217a8e276140aa1ef4c0bb958a320d3921902e883ecd1fbf1fe

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6de143fa7562200cc577dfb4cdde215b

      SHA1

      ba3e2ef2c54b7f5be61593883f17292d267dcf98

      SHA256

      58111672c636059cd259b3b3b805e71f740c013779cf269a6f32262b2e9699f3

      SHA512

      93cddcb68eafc7ca257ae7281c0707f90501fc73e5c67392f83d66b72554d8e02402b0794f78c722a3391390c21540c227eabae0176aef8b27009600e5027d5d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      44785979c133f8973ba53c981bd073f6

      SHA1

      bb5cef55663952530b913dccc229eaa5cd13573a

      SHA256

      391326585511d2550b2b63aa471117bf8d2e2acaa326450719853b4fe14c5132

      SHA512

      b1e70934a942d30800fdcd3893809535404118df917325fcbbc395380cb9ba55c536a6e51e7ba7d8c597f37b50662c3bc721a42822f7158a5c7352612bd1ab00

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      886492d22b8d761000478993bc4030c7

      SHA1

      313f5a6192b81353035c7e435209f22cd2cbb1b8

      SHA256

      984eda9609762b88f772bf503c4d6dd9718ac2172ae3a086296328d482b4813b

      SHA512

      d2744b6a8e2c9f6e940f8264632c17a56fafdbb22ce85f7b943cc456cb94693829a30e3b9d0cae8e78086f79bdb0e1d0be21c660bc4c3ad8fa7679c73bdcdf52

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f33c420eebb25aec79c8e55058d1f49e

      SHA1

      2435bde67f116ba19ca1492f6e0570750e57a609

      SHA256

      16d51812ea50ffe89f28d616b3eadc615c11576826d4e239cf0664ab0fa95501

      SHA512

      e9c13bd65250a4edbb05027aeab8004cec1ea4b13fddf52f444fb0e4d1a5853ad357ed40a8c1a5e5e2d119278496590c6dbddbf53d54cde3af2e72a64330dffa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      34cc8fd818f9fc9825795ee819a559d2

      SHA1

      baa6b15f1af9424def051c9e844baa440cb4ec76

      SHA256

      6895fe87620daee40f3bf7f0ba993229b9ed4c6d517f1f1f3128c570fa33d048

      SHA512

      23fe7d83b74880e4ada25304cb85e5a3672a3f5b85931fd1cadef544e12438766aaf1429eb59a2917a1212878e2f93468e4ab72186b7413a5f285213cdd1520e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      a2eacd19d73817dda5eaad52773a18a9

      SHA1

      66fbdafa65040c5bedacb2a7b4324f1e8e4221fb

      SHA256

      52a5ca4b16cd38de8db24899eaa6d03625116b072ca499cd109ed64c8b8ae9b2

      SHA512

      9c937869478aec7373b0b1acea70fe257c4283e40ef266c410b00214db97a3e46da19ef14b2180607b17368b5cd644e6e472622bd7b59ee816b933a65821cdaa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarD9C2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2948-6-0x0000000000230000-0x0000000000232000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2948-0-0x0000000000960000-0x00000000009B3000-memory.dmp
      Filesize

      332KB

      Download
    • memory/2948-2-0x00000000001E0000-0x00000000001FB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2948-1-0x00000000001B0000-0x00000000001B1000-memory.dmp
      Filesize

      4KB

      Download