Overview

overview

10

Static

static

3

b8299962f9...18.exe

windows7-x64

10

b8299962f9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    17-06-2024 10:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe

  • Size

    435KB

  • MD5

    b8299962f91574e5e55df6b185ca1863

  • SHA1

    183cf913b5e49a6afafc9f8fa64b13dd43694ad3

  • SHA256

    323601b883c4efcdfedf91176a6cd3aa74bb1f74430ccaf74ffb7712862bd1f0

  • SHA512

    67acec1a142453d99c2b1b13a5fd252b91cd9de3f991fc729a4284712a68af25b9bec5e1a18a03c9118c1f06b2dbee649dfd7e962b7a0e8fab64c4370f77b2bf

  • SSDEEP

    6144:Jas7AFNN4R0Nt4Ca3ge9bZk4tqT+Gh1oHZNCtKtrOm4su4aNZhzD9F:N7AFNN4+Nt4r59tkhPwntrO4a79BF

Score
10/10
gozi3533bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214107

Extracted

Family

gozi

Botnet

3533

C2

gmail.com

google.com

s82dortha27r.top

qcnick5990.top

sd6eb.com
Attributes
  • build

    214107

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe"
    1⤵
      PID:2428
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2452
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1524
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1628

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a02a663103f6b6137f1901ecd21598af

      SHA1

      e69ae7dc81dfaf944ae69b4c267a9c5896a2fbc6

      SHA256

      35792cfcaa4813d6988273880af895c7637596159e27ad0ad6f8a5b5090ff172

      SHA512

      3d2d7ffb1eb7c3a67cdd4c3ffb5950bd817ca38c27ade72a0aa620662dcf7e92d43190d60b222582df290d238c53e4a207f907264545b17e0fa8136674569794

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      26ed33a0640004260fa953c526f3a6e7

      SHA1

      b65bacf320e3a4526b967a545bad878fc04a86ab

      SHA256

      94c9c8fdf8e4d60c5345a4cf96fc884a05fa65ac62e463effc96d38e5e7447af

      SHA512

      d06c447967c2ec7f4fa3fe80981fc8471c8122306a04939fe158a6bf56170913d34e5f1135a24d4738dafc8463ad5c3874148ab889419df93176f5e7d44c3884

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      017a8b246144249dcc1d782e7c650ef9

      SHA1

      2007bb4812f7a84adfaa5500025d7eb9b5519a97

      SHA256

      2dd8e6d0962487874e063c917325387fd106018ba1175434f2442de85e3cae46

      SHA512

      d23d46e9ca151586b340a118169b8d87c15cf600194aeb76e14c31db7b1b4ee96fb843c608dc436794cffc426e1162eb4b94086172bcffef7e4ce52b903b0fb5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e51cbe5cb3b4316e72afd5296139eb2f

      SHA1

      75fe1dbaea0dd24172cc1c04b6075bcb4117cd5b

      SHA256

      4962fa7c4e4c8d9bf8ffaa448f8bd448cf5f3137d4a221787f1ccd4b1d70b381

      SHA512

      bb65f78c32cf76ff8a8ef800897a82cb6385e0234e9e8921325adf2bb83a8f4560d8c30adab4b3b109e8f0b7d8ac57a693fab256b9608bcefc6646f67a8d7a6c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c7392146e7b436271c4b48c0ba58610

      SHA1

      f6799a1f81f4bbbfe4b091795e8a2021e46277ea

      SHA256

      8526ad3e0a1f3c08fcf8f926de09cf53dcb6207007948ba7880d18b2b62eb92b

      SHA512

      0c62eb509bb93eee3add663ba486704094ab8db368dbf56849fc7c8202f242f4e37df8a06d2de0c2ac12de4add5f86229bf61b4bc13627d9a3fba9cbba0cd334

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b760e2371b09ea359a57fea71c876d6c

      SHA1

      2de190b64878e4f1913327766f9be6fcdf232ee8

      SHA256

      9372f5e6701dcb2dc0c37810d00a95702e4b78fee61dc9634ab29842c72fc555

      SHA512

      114046ab151264a499d57180f4aa0e164ce88dc0aa2e0fc159b308905e5307d4f510a1d9544a7e36a72c76fc61baa18e72c7d11c53556fb9e8ba691e83842abd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da491ec642108c337c1b54345a1be53e

      SHA1

      c45b9bb273a89f9940e6631cf7b020af108f3e20

      SHA256

      b904cdbbd5dac89883d5c2dd9af42446e52c558a922f7d906f983b4c83ee67d9

      SHA512

      c17f7d892d329bf626c67e604c2123074bf2b05b7e5f8e4efc660d06cdfcd50040e85b0bb1647d030ccca4db17fd78731fe29c571e123081301d8c32af7f8fe1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a5a76772b6734cf318d2c44bbeaf69f

      SHA1

      8f99602a30ce297b86d3b7f0c3e286243d8f9ec4

      SHA256

      34eec4a4aa96da353a3aad3ff88e7d590bc316393bc10d56861f308f1f4d69e7

      SHA512

      79cad4f27ad39708fdfe14409a42edb29e8d9c4292a77a816ac2207bd2392b71a158c425aff157f8cf5ece6af4da7cce77ad1bda09fda5b5a1859dbbc646f874

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d77ea7e241ea2ad3f2cd63020c77a8da

      SHA1

      c329163b4e5d0e965e2c5c6eded2b256652f8ec7

      SHA256

      16992cc5ce08d62c60e10f24bebd461621290e5e45b37e7bdebaa1b23f331fdd

      SHA512

      36a1470ee10b96b413e17ca989ec004ba9000f73c4eb6c85a500bd94e56372055231399395134cbbe2b307332dcc3d989238b91b6aa821966085996fe9c01ee2

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab6D6.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7D4.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF8911188FCBECEDC1.TMP
      Filesize

      16KB

      MD5

      27dd56feef41300add5644299112b0cc

      SHA1

      1c7b901fbd202b5052eb640d12799cacfb268424

      SHA256

      cc264523d5c890ef733745328b6afd6f6423c973c31d62cea24bd1831a4f4b60

      SHA512

      8b24148b18ed8f647e52fb9c741f5b246817543c122ab34c076a20bc2d5671970a17e8d3f26d2c5a1f0a6d2b5abba986e55f046d2829cde034b1663a65b6ee1d

      Download Submit
    • memory/2428-3-0x0000000000100000-0x000000000010F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2428-2-0x00000000001C0000-0x0000000001239000-memory.dmp
      Filesize

      16.5MB

      Download
    • memory/2428-1-0x00000000001C0000-0x0000000001239000-memory.dmp
      Filesize

      16.5MB

      Download
    • memory/2428-10-0x0000000001240000-0x0000000001242000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2428-445-0x00000000001C0000-0x0000000001239000-memory.dmp
      Filesize

      16.5MB

      Download
    • memory/2428-446-0x00000000001C0000-0x0000000001239000-memory.dmp
      Filesize

      16.5MB

      Download