Overview

overview

10

Static

static

3

b8299962f9...18.exe

windows7-x64

10

b8299962f9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-06-2024 10:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe

  • Size

    435KB

  • MD5

    b8299962f91574e5e55df6b185ca1863

  • SHA1

    183cf913b5e49a6afafc9f8fa64b13dd43694ad3

  • SHA256

    323601b883c4efcdfedf91176a6cd3aa74bb1f74430ccaf74ffb7712862bd1f0

  • SHA512

    67acec1a142453d99c2b1b13a5fd252b91cd9de3f991fc729a4284712a68af25b9bec5e1a18a03c9118c1f06b2dbee649dfd7e962b7a0e8fab64c4370f77b2bf

  • SSDEEP

    6144:Jas7AFNN4R0Nt4Ca3ge9bZk4tqT+Gh1oHZNCtKtrOm4su4aNZhzD9F:N7AFNN4+Nt4r59tkhPwntrO4a79BF

Score
10/10
gozi3533bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214107

Extracted

Family

gozi

Botnet

3533

C2

gmail.com

google.com

s82dortha27r.top

qcnick5990.top

sd6eb.com
Attributes
  • build

    214107

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe"
    1⤵
      PID:2172
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:8
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1348
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:968
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:388
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:388 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4696
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2308
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2468
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2248
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:17410 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          PID:2748
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3324
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3324 CREDAT:17410 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          PID:4048

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
        Filesize

        854B

        MD5

        8d1040b12a663ca4ec7277cfc1ce44f0

        SHA1

        b27fd6bbde79ebdaee158211a71493e21838756b

        SHA256

        3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

        SHA512

        610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
        Filesize

        1KB

        MD5

        375c6db674e4fcec8998d10b5fc1a258

        SHA1

        503a6c5e2bb75193a47de36f21911e556518a448

        SHA256

        98e318dc3acdd3526fef8e45c2220e5a9a63b0a826c317b83cb833ce1421d314

        SHA512

        67d392e6a5e86d664ff1f49602afde6f5a5b8f3d5aff979cf79cf00f9de11cec8f24e3f4be22c0528ba97944f88301ac0e8bea8f9955c6fb38afa6742f4a78f0

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_66CCC5B62B11DC0BCF6DCA05D4EDF1A5
        Filesize

        471B

        MD5

        fc49162813cbc25597907de7807f04ef

        SHA1

        ce34a8b7b674483020ebb02e475597c569bc4171

        SHA256

        99a1cc21953f31fdbcd258c2f3cd12943fbdf1140761642662c00e5bafcd0b62

        SHA512

        bb8a95ddf82a6c9672b3587541adf660d9d7252981f3a96efcd03610e2836b1946ae77f68416ca5dbbd99f2809a98a1176f002c5aef7e9047fe371259260ff86

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
        Filesize

        170B

        MD5

        c10e892f624726dbcba9f80b41434304

        SHA1

        e44adecdb1f517dc243a89336a67b0d979dac041

        SHA256

        c67b7810799eece4da4bca6e2d79f5f4f7f4f886747c7b463e996c173139694e

        SHA512

        991a21a1a3e857d7698dac787e537bf4301c2d5a9a7b438b988ee7db4a9eab76180441508b079838b90fb7e93012d97151fc2045bcf9d8d1f91863f2d5200f9c

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
        Filesize

        410B

        MD5

        0f0d9365a537e4de2422c7bb9ec7341c

        SHA1

        9b23660d57139bcf44954cb4e077b98fb1cbb9bb

        SHA256

        6e0387913962e55963e99173719479178b1098f0ce1c1bdae6e38139a28e077a

        SHA512

        e42a87a2f25204e678ea19fed81be7cbbc0139a746ece3ee83c774fe42e8a3e3b1f3f6ae08f9c0917f535c14dbae4b0456d16ab633d35dce467a44102ac4ded8

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_66CCC5B62B11DC0BCF6DCA05D4EDF1A5
        Filesize

        406B

        MD5

        0beae17ffa776f84122c6748123ac58b

        SHA1

        e61162c823fd6a2ffaa77a4080cc78731ad9ff0d

        SHA256

        bf13f1d08f02581b78c06865ea0698b0e9819f0da723adf67d408b58858abfb9

        SHA512

        4edc1ad6f1654362553a272ddb79422293fc161dca076a6891e44c756b99e445148097155e0207f002c3db8551853fe693b0ab114487aa5598bff58a1956ca8b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\robot[1].png
        Filesize

        6KB

        MD5

        4c9acf280b47cef7def3fc91a34c7ffe

        SHA1

        c32bb847daf52117ab93b723d7c57d8b1e75d36b

        SHA256

        5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

        SHA512

        369d5888e0d19b46cb998ea166d421f98703aec7d82a02dc7ae10409aec253a7ce099d208500b4e39779526219301c66c2fd59fe92170b324e70cf63ce2b429c

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZRDQ3WBJ\googlelogo_color_150x54dp[1].png
        Filesize

        3KB

        MD5

        9d73b3aa30bce9d8f166de5178ae4338

        SHA1

        d0cbc46850d8ed54625a3b2b01a2c31f37977e75

        SHA256

        dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

        SHA512

        8e55d1677cdbfe9db6700840041c815329a57df69e303adc1f994757c64100fe4a3a17e86ef4613f4243e29014517234debfbcee58dab9fc56c81dd147fdc058

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\~DF7D29E301205526CF.TMP
        Filesize

        16KB

        MD5

        1d8bf54f8f7307744894086cc83ee0df

        SHA1

        5fe7356b4ba728016e8a5581e066ceb32e0c0915

        SHA256

        29372d21efe780ed0ef9ef8213333f0fd3198c3e9c593d8f1fe828cd0e4acef5

        SHA512

        8e9d7e80f9fd5193d34deb62ccea084e651747a0b400b6067f257beec03a2d2033f884de9cab7f2c6aa40312838784903f15e12449bea00933911668114da6f8

        Download Submit
      • memory/2172-1-0x0000000000EE4000-0x0000000000EE7000-memory.dmp
        Filesize

        12KB

        Download
      • memory/2172-28-0x0000000000E80000-0x0000000001EF9000-memory.dmp
        Filesize

        16.5MB

        Download
      • memory/2172-3-0x0000000001FE0000-0x0000000001FEF000-memory.dmp
        Filesize

        60KB

        Download
      • memory/2172-2-0x0000000000E80000-0x0000000001EF9000-memory.dmp
        Filesize

        16.5MB

        Download
      • memory/2172-0-0x0000000000E80000-0x0000000001EF9000-memory.dmp
        Filesize

        16.5MB

        Download