Overview

overview

10

Static

static

3

b15727ac65...18.exe

windows7-x64

10

b15727ac65...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b15727ac65dec0e4c799293aa6cc0e5b_JaffaCakes118.exe

  • Size

    385KB

  • MD5

    b15727ac65dec0e4c799293aa6cc0e5b

  • SHA1

    1c57a692f1970dd878ba0c476c848d33d4ea74d7

  • SHA256

    8fe13cb71284ad861fd29c1dc11e2cb9c42d38c88ce7122bf6d303105fa4db65

  • SHA512

    85fbdd5ea1c35a2355b075daa383d45cbb04c6a0b3075b161d8be514f77ca77f6dda458899ae6b793e17b831b3dfb27920c815605bd01672a4b1f1f7127c0f59

  • SSDEEP

    6144:wiZbIVIRqTq+nfoeul6j5SuE/PB624EzWEydvkS+sTnGoPBJDm14LH6QriBi:wikq+nfAl6j5SXxKE0eknGoPHDXHW

Score
10/10
gozi3159bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3159

C2

pulneselle.com

vivitempen.com

jewayelome.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b15727ac65dec0e4c799293aa6cc0e5b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b15727ac65dec0e4c799293aa6cc0e5b_JaffaCakes118.exe"
    1⤵
      PID:2516
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:536
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:968 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0fa78883ae32bf067e5d193cdbaf6741

      SHA1

      f7a569bd2508bb66e9787e1cbf7840f2ebbd28cb

      SHA256

      3d0067b51db865d3d16d656a9eb7bcd44808a71b8197f583c39d1a3592d906e0

      SHA512

      e25c43121f862bdcb35b33fb8d2f39cafe40955be102e1a6f7ce2f97a02a3ddab898fec56cf9a79c844118a6c0d05bd76efe73aacd7893d44925c9de8d333bd4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1a005d8ebb8bae416c97840b24f7dee

      SHA1

      556792dbe8b46e9df6b2ecc102aa1b79a619c87f

      SHA256

      0b6d811dd813e644916e9e7446105710e518c4d49cf3c190f6ed918dc996e5c6

      SHA512

      613c46049b87bda60a01ecccf4bc5355f3c2c7770d9f9676da390de83a8b00bb837693f16a153fd43badde960beb530bb3e32dd52db5b7e6b9fe4f63eac3030e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2bfff37eb39b3ce915d1487939a71908

      SHA1

      f4f3d04074bbedfeb7a421189f7f1550ea8dc53b

      SHA256

      95c68565570ce2d1c5c366c098a89c53d238e36a2382ee7cb78e18b157eda512

      SHA512

      87baaeef27e339a04c6a9604d3a090e178e3b1fb152a1ead50c97ec6b605ce3b0287703a1f0f94238804fab23eb81559cb96c55e08ec0001401cfa450412e71d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e110a9242ef5652f5d1be26b5d11d849

      SHA1

      04ee18ceaa1d2fd5af4c348fe5058ceb0fa7aa94

      SHA256

      72985d98d25f070f69d11786d0376d4a6bbbde609e6581ea874e294fc1653753

      SHA512

      a41e2e90167673f9b7295c8958ee95f4da4ea300a210a644920c7fc1dacb26eabb0e37d2d553b5644613cbfabfb8e8872efd3d95073225c9490b4d5c1193e117

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b3314f9642b7982109038e12c8ac02d

      SHA1

      852fa49ba74e17b55bca7d3c3fde5113f2de9a2c

      SHA256

      b1e5bd65bfc32bc3fe5c678464d4c227d66b1e931c30be8c7c12638006dc8fe0

      SHA512

      9e49b4e4344ffdd5a62ca3058b453d005e549e92617b8c6d424dc64be59614dc0b71853ab4b33b9e383f8731989049b8121afefc6bb83a5b32f99e065f0a78bc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fbcc4165fc8733e9aa44572d37f88a12

      SHA1

      6e2c376a70c7db38e4b7793e092f497af49a8eb4

      SHA256

      29565f2a1decdfb24f5cc5c55f1513f2ed608a6bdd722fdf36de8d7920aab792

      SHA512

      fbf7ff25b9e7f66281b449f0a4280bd3279d9e5aafbd21c1127cc30d4bf56a0e32aae11737e762b8f89fc7da51ccc1ed62ddf33d11f02a88579609cc6b98ccfb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2eb1d8e0c07b0a431c9b5cc4754ea6ce

      SHA1

      0acc920383bd594e555f69fcf849bf83ed4d2864

      SHA256

      672d6de99b7db73c18c175067b98457c2394fbaef825be026fb12f657bd5fda9

      SHA512

      c5620256a514c8d5e63899ea1408c265ca20d1ae28526765dac33d21ed2576bcd142fa330bf2f98189d2e9270f6cce23ae32eaf3cb93bb75e4dec94edfc3e80e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7bc01d5301b0ec930e8dfa26e24f1f77

      SHA1

      a2e4b5bab065a546f471da79c047e9a7ffa558d2

      SHA256

      261f629a15f6b03a3833761f6684d66b7b85ece1791298f3ca3b62265b092133

      SHA512

      5d6ad98f9765be5859dbd2822904abba42d84d052d73f38be7c1f827cbcaf6f7c35345401a3fae2d5de83ad67cd1dd846b7af307e2388b43dc9b568d10d600b8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2b56dbf33fe733feb7d0038623f03825

      SHA1

      10852f0c771d83297acaabc51fb492fe616b5d11

      SHA256

      18a6d87ee4827b1a90cb64639cbd4726857cff44224387df568a7f32c0b20a3d

      SHA512

      a532539a6308de492aae1db59e78d4c4ff67ed100d0326ab2a7857a0c4635b659549c5220b8a81657a0ef2a3e12e39f14e143edf8d0d4c8898be10f0ae1a59ba

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA787.tmp
      Filesize

      67KB

      MD5

      2d3dcf90f6c99f47e7593ea250c9e749

      SHA1

      51be82be4a272669983313565b4940d4b1385237

      SHA256

      8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

      SHA512

      9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA83B.tmp
      Filesize

      160KB

      MD5

      7186ad693b8ad9444401bd9bcd2217c2

      SHA1

      5c28ca10a650f6026b0df4737078fa4197f3bac1

      SHA256

      9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

      SHA512

      135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFF8405FFA8AAA026D.TMP
      Filesize

      16KB

      MD5

      0a7c06af69bee9293e1c7f9e3f1349c4

      SHA1

      191814d03035d2cef82304fcd35ce9b3f32d018e

      SHA256

      433138592216c8e214ce28a6090c5894d15eb5b44d91d7303af3f38ddd5e67eb

      SHA512

      e7eb84440c402a1c8c19f37ee25ef2e57fd5e8a9961a72617b7bf226b2836c38da585cad62e4029578aed4817e70a97956d65b8d1d70714aa3407d185eb5c5db

      Download Submit
    • memory/2516-6-0x00000000001C0000-0x00000000001C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2516-3-0x0000000000170000-0x000000000018B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2516-2-0x0000000000140000-0x0000000000141000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2516-0-0x0000000000D30000-0x0000000000DA5000-memory.dmp
      Filesize

      468KB

      Download