Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-03-2024 22:45

General

  • Target

    6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe

  • Size

    682KB

  • MD5

    6040407905ea1aa24dd58dc8befa4255

  • SHA1

    96ecf27fd10a6663cbfaadb7643abeaf4061ea77

  • SHA256

    2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362

  • SHA512

    d16e31ae6f510ab9f2f2474c064781c15e666f871a969f394f3e6590c7c1dabf19a98c62866e0342d4e6ec9cb40ab2f036c0d687c92f34df7527c340dae923f2

  • SSDEEP

    12288:hSBIB+gqzVl16yDr67jAkWoDq5jAyWb3PnB5JRU/V18H:sBVVmEJaqdAtj/RRGV

Score
10/10

Malware Config

Extracted

  • Family
    xloader
  • Version
    2.5
  • Campaign
    mexq
  • Decoy


Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe"
    PID:3472
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe (child process)
      "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe"
      PID:460
      • Suspicious behavior: EnumeratesProcesses

Downloads

  • memory/460-12-0x0000000000400000-0x0000000000429000-memory.dmp (Filesize: 164KB)
  • memory/460-15-0x0000000001A40000-0x0000000001D8A000-memory.dmp (Filesize: 3.3MB)
  • memory/3472-6-0x0000000005690000-0x000000000569A000-memory.dmp (Filesize: 40KB)
  • memory/3472-3-0x0000000005820000-0x00000000059A6000-memory.dmp (Filesize: 1.5MB)
  • memory/3472-4-0x0000000005730000-0x00000000057C2000-memory.dmp (Filesize: 584KB)
  • memory/3472-5-0x0000000005B90000-0x0000000005BA0000-memory.dmp (Filesize: 64KB)
  • memory/3472-0-0x0000000074D50000-0x0000000075500000-memory.dmp (Filesize: 7.7MB)
  • memory/3472-7-0x0000000005AD0000-0x0000000005ADA000-memory.dmp (Filesize: 40KB)
  • memory/3472-8-0x0000000074D50000-0x0000000075500000-memory.dmp (Filesize: 7.7MB)
  • memory/3472-9-0x0000000005B90000-0x0000000005BA0000-memory.dmp (Filesize: 64KB)
  • memory/3472-10-0x0000000006E20000-0x0000000006EBC000-memory.dmp (Filesize: 624KB)
  • memory/3472-11-0x0000000006D80000-0x0000000006DF8000-memory.dmp (Filesize: 480KB)
  • memory/3472-2-0x0000000005C40000-0x00000000061E4000-memory.dmp (Filesize: 5.6MB)
  • memory/3472-14-0x0000000074D50000-0x0000000075500000-memory.dmp (Filesize: 7.7MB)
  • memory/3472-1-0x0000000000C10000-0x0000000000CC0000-memory.dmp (Filesize: 704KB)