Overview

overview

10

Static

static

3

a860cd9642...18.exe

windows7-x64

10

a860cd9642...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a860cd964248c1ffe43e0689bb3b6902_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    a860cd964248c1ffe43e0689bb3b6902

  • SHA1

    6227b7025240dad56e5d0230082421ccaad50a95

  • SHA256

    98d9da418bf38eb603e68ceb5f8f13d5fa73080fa5f4ceaf80e71011e519c415

  • SHA512

    bc7444e000ebe399f5e8e13dd4bb9bad89e8fa9aa378a1d40ec1ef20a6c33e7136b69d7799643493886d5b42e331439edccadd19499b3165aea896d0fa35e629

  • SSDEEP

    3072:9oji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9idp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a860cd964248c1ffe43e0689bb3b6902_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a860cd964248c1ffe43e0689bb3b6902_JaffaCakes118.exe"
    1⤵
      PID:2156
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2524
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2236

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7c1153e487859302ed743f4f0c8c0dd5

      SHA1

      40cb4b7bfa198dbc2302214ae5afb862d00ab71a

      SHA256

      57ce04688c06dd37ffc5c754446718c6e6b3c02db1ae5b36d9c668c60b883f01

      SHA512

      8d44b0944e41f5d48b639ae5129c7a035dfbe94ef23a834c10d583acf5ad213a76481680d5bece593cdbd9da90114665af42c61a8397066b08f8e9bf551fe6b4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1ee81dcb2bdd6e8809cffba330c8ab3b

      SHA1

      17fc19ae5c22771c471955d4c016c6d95606fd73

      SHA256

      5fd84b978f9e49b23dffe03af77471a65266bdd9e1ec9cf7cf955f7735122449

      SHA512

      17d4c0757090b5d2ff73a1d7c6132d948921e32104522085b76047c8eba0892a0afdc28b2fe058192a727a0eaed5b0d03940d0c871b668cfad66332fe0de2df4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a58984fd86dd3e125cfc8c2e5ade2bcb

      SHA1

      90d0c60c9a1442bedef879c3f65eb4c230151aa1

      SHA256

      f0684e8e1082fc6bd6ded6c8d335b38cdfd542b9a7f2e4c0e1f3fe223d953806

      SHA512

      076b239a64e3447b74f0e9cf1a6d3624745b2107f73b5d0577574215cdc8a996cef5ca385b320289c54918e002f3b32fc305d655ea032d4b97378cc825589064

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      588793c19bca14be0be50e74416dc9e1

      SHA1

      2af98991fc3bfd1f11df3ac9ab79b306e5d1f0e3

      SHA256

      e25049aa8ed7725a35093c7c3a78adaf54d26893d984bbe46f0edb779e150ab4

      SHA512

      8bceacb890f762735da8de608fbf2362bf7cf1f7e86c583e5d52e15b3594726446f849091252aa1cacf880eb68bfa4a70d8e048a3183b44ca3c874aa57064af0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ae312cf2e48e05feb805b1e5cc23e0d2

      SHA1

      11f64e852056ba6fa99c4b2b42ce6b7e160eac4e

      SHA256

      8bde472e2d6fa4d98c2438a9885aff790eda9624494d01b8caf3077c7194b4e8

      SHA512

      d2547991c707bdac7238bc772470d8d61527e68c63e2d54da7d2647eafdde5bf1378277397adb12bb060a677a9998a2b5802891f3fdadd3ac9d73918a64881c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f68585f169b88b1d0a1d23833e59a11

      SHA1

      83c70d2d1edbfee39c7c9eee438a93413bba30d3

      SHA256

      277f04a4bb688219d459a2959672b29fce856feb76e430336e7ef1b724eea64e

      SHA512

      a2e0b17971322eb0350d3f0f7f7f9d4d17de7d67135c893ee8d98eb79c6fa4993aa67e6a3c0c3ce048d7fb001675221c852496695af8f5b46f6b5d2110ab93c4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ea5817ed7eea12ff319b6989a7d91efb

      SHA1

      52ad5c4d32b02c35320b383a370531a7976501c7

      SHA256

      7f78af2103bd6b85875d86c7c108999c872a275fbc0207d4567a7d1866054911

      SHA512

      f9981e5a8d522cda1396cf6105c13e3f88a5ba4595151ff34756dc695201de1091544c22677032acfff79565424f096b2d3f322b0d6c637dc9eccece2a0c271c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80a8fbcf330e68bfca2bdeceba4c13fa

      SHA1

      be25d22d9b4b0ddaf75f5b19cd43a41f2f653009

      SHA256

      ae43c51639b53238136b3202634129628c690287a7e8d70b5904d3c002007177

      SHA512

      b82455559b3a22f295f0f8641bf76774f677ab7c2a3c9129f95930b6b987ee4371562c70a9f278c4ebecf39fb1011e7327f4bcd45f703c3845415194a47fdbfe

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b117c4cccec2f28761ec4c75e7fee374

      SHA1

      6440bb18fe20b976548b3674d59732fa6471e739

      SHA256

      bfc010b544e480a9666caad0d4a80e80c1081945fb3ee639d0081397444485f3

      SHA512

      48aca9dedb92b9afdb18038e93dc8c3708b5129506fc7f21a0a91621ff039d05c6655f33ab966ec8349c7857687016eea25cca4ab84e38e401b5af1c5288e59d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b023f2317b9e042a5e5a4d5d1751ef45

      SHA1

      3abc1900fa327bbf1419ee4decda2e1409148f36

      SHA256

      b976c515245ceb9dcccdb06cb871fbe24d1f6a00d49bb18cd6552bb41334b6b1

      SHA512

      f67cab6181312f8683793a1b75fff8b9ae533b616ce6476c283b4505ce4e5e7de175c713c95bbe4a57024a438e7daa032cd14ab9b6ad40f68fd2b4eb668c8306

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab96E6.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar97E6.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF479C950D0E3F22BE.TMP
      Filesize

      16KB

      MD5

      4a4eed3d71f7880f28018c71981744bc

      SHA1

      242061f2772306fb8175731b6404dcd6675549ac

      SHA256

      df825a6075ff6b26165865d159ca249c219fd8311bab232932f2159c6527364a

      SHA512

      b44e2f0f6bb84a94b85d2c200e235402bb6260196fdb99af674356774383704635df9e50d93e28677a19d4747105be8f9d890c5ef7958a33019e0baca57b8b11

      Download Submit
    • memory/2156-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2156-8-0x0000000001CF0000-0x0000000001CF2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2156-4-0x00000000002A0000-0x00000000002BB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2156-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2156-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2156-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2156-490-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download