Overview

overview

10

Static

static

3

abd5737e0b...18.exe

windows7-x64

10

abd5737e0b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 22:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe

  • Size

    334KB

  • MD5

    abd5737e0bda9e6146a0eb31d7af51a2

  • SHA1

    a8a37be6e078eb7c56e8b28449f39f49e5974f93

  • SHA256

    db6887835f962466e55411140bc58905948252d695760999a713bcfbc08954eb

  • SHA512

    0734f234c45120b781d1d08c1e655f8c309200632d94394de7654532c1f596373a22aad82591249d6527b50f2874a047f5ab141684cb2a568e622cf7ea989b24

  • SSDEEP

    6144:L2hCvdxeH3yjOjrEL8fHXF8nTlTdkw7nH8/:L2cdx8Cif/eTlFnH8/

Score
10/10
gozi2001bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Botnet

2001

C2

http://yyytttkkk.org

http://185.49.68.106
Attributes
  • build

    214071

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe"
    1⤵
      PID:2872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2700
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:768
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:556

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      096b303bcd5e0ae623611362f5b98cba

      SHA1

      f5b783d1b19ab7cd4e95095ce805651ee3203cd8

      SHA256

      0a89d9d07d3e6ff4cc1be4df559d1351b8a5bdc93673a8ecdf9768efe95b2aa4

      SHA512

      72fb9bfa3c5443fe8720979d74f10338190efa090393ec1c9be28536d62192b7b0237527c146f662522be3ddd1518a9c5bebe6539c5332a6afea52e17980b264

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      640b15ca83f77916f55b3614e0e41e83

      SHA1

      ca410f52b3cd4444b45c0c2c308cb06cec7b8334

      SHA256

      1a3804bab17dd09b108f29299670bf3f8f4c3d0a5550bbca53259e3de1fd4194

      SHA512

      e4126812f8ec9663d8e718790c8e281f0dd7afddfb6f2e74fa6c993f0f0f2f5c5477ee54497e7892ce356221c2d872e624b9fd72fcc80defcecaeb4c446027c7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8c13b328d6cd952789a10da76557958e

      SHA1

      7ce6f56f15820137851428f528f910fbfbd78630

      SHA256

      0e5098ed9c3d994490b4cfb7f096066ef417345ca64f60146fdd1c46971ff434

      SHA512

      d49de9dec59c3980968a663d715d1b9ecb4b58c98c54093353ed3a52773a84a7fecc22db1d4c275af7fbd72d43dfeede6e71e25f273104f96bc04e140b0c35c5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      64a1d6075702232f176ee38368f984bb

      SHA1

      29a721277394fd69efa46b3bff9ebb71a63d2026

      SHA256

      4bb18c19b10369711873cce70c1e1493b9068b66249c4cbe4137ba3323cb909f

      SHA512

      32112dc40786fb2ba69038c87f5d6a63e984443e105ab7182088d1cf521d645121323ebfbd74c32176141178e5a87e01c3c6ff3cf5fad1e4ae454926c1494b59

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      459e061c578c300067940462e22a5a35

      SHA1

      d34a61c33bf0ea4744d94f726243d35811f2f65b

      SHA256

      4a17d0441260201faca16f6c5d22e4c822ed9c523ee27f653ffc9e53c852f9c6

      SHA512

      c9f795e6248a78c70f90eae40bf5d5d9ef2d35e2537cb3f8711176ddee5392ee64238f2898d1b8f4b2aa201c2cb186535eeea69c60b92c9f343be3467968a903

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b543df49dee668bb7bae598e7cde710f

      SHA1

      41dcbf5036064bdc75df6abed62c406e2f1025f2

      SHA256

      ec409fceed0584685d7de5050bc7d9ca00c698a664a0ab6e96bb4845ae7d82e0

      SHA512

      1e0b4a44819e943ff7469b6a630bc7522ff520ba67fbeaf7f1ca8c277492528e38b323a982d7825e6592b97801e63878ff21aa6dae87dd7754e28eb6f4f00df1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1b3179ab76dc250cc35fd2ac09bb919

      SHA1

      fec7d618b5dcbd5ab70a52b1e97a5b7f547154c9

      SHA256

      0607a0a94f14fabd249bde498dd9a497b7b5d6ab649cfc4de37d041b048e46bd

      SHA512

      17fc017ec534663c61dfd4d601c87fc03a1a678e1cc16793bcf0bdcc0d1ee1833d22e769b17a73c583f239390c3cf094e4307d6d597f733b967898a3b764c2fe

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      02912a0e4800d3e5f4e70af068c7c618

      SHA1

      d2b53e82c24d15002452a43c01c690f2bea4f5eb

      SHA256

      94b8d9d8eacafd27f8eaf42a745b769189eb2b54fabc7bdcb63a2fdd7a718a8d

      SHA512

      bec0e91476f3a9b202f52f14686c056095bc63ca1bacb405986b88c41b1e6efb786ed9bc315221bac27305f5fb907640f5e68953f0348961d8e66122a60b9290

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA8B1.tmp
      Filesize

      67KB

      MD5

      2d3dcf90f6c99f47e7593ea250c9e749

      SHA1

      51be82be4a272669983313565b4940d4b1385237

      SHA256

      8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

      SHA512

      9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA973.tmp
      Filesize

      160KB

      MD5

      7186ad693b8ad9444401bd9bcd2217c2

      SHA1

      5c28ca10a650f6026b0df4737078fa4197f3bac1

      SHA256

      9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

      SHA512

      135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF1A08FE550C2BCEEB.TMP
      Filesize

      16KB

      MD5

      d496cde30196ee4387ccfcf35d9af0b3

      SHA1

      ef5ee4d918ee7f60a943ca82fed4146dd07170a6

      SHA256

      4c95047d8cea9bcd9cdc0ac0a88d5cb801880bf4c5d91a62237ad461f01ad8bc

      SHA512

      c6566d198d2d6c2cbeb21add50f3779ff98cd474b868341c1cfacc25dec3c183ce3e3cd43d3c6e7ab5aa63f5b2121d948f35e61b6f7bd781453a1772293048d5

      Download Submit
    • memory/2872-0-0x0000000000E00000-0x0000000000E64000-memory.dmp
      Filesize

      400KB

      Download
    • memory/2872-7-0x0000000000220000-0x0000000000222000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2872-3-0x00000000001F0000-0x000000000020B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2872-2-0x0000000000E3E000-0x0000000000E43000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2872-1-0x0000000000E00000-0x0000000000E64000-memory.dmp
      Filesize

      400KB

      Download
    • memory/2872-396-0x0000000000E00000-0x0000000000E64000-memory.dmp
      Filesize

      400KB

      Download