Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-04-2024 07:03

General

  • Target
    6b2820ea47559925d86ee665e92a111e_JaffaCakes118.exe
  • Size
    560KB
  • MD5
    6b2820ea47559925d86ee665e92a111e
  • SHA1
    0e7e5adad12e3b3979ad9d9e1ef854d745c6f629
  • SHA256
    de12f96f01168f625165bda83f4d556d00d6c473e61aa5c6f424aed07ae9cc04
  • SHA512
    66281b9b82368fefc29ff622561817d9011e0dee684fdd300dd9d7a49161de305916effcfb0e27dc2c16e7fe2dde4ce3f8489d2629de3a25af5c6a1e72082a41
  • SSDEEP
    12288:mhvrUtBHpNx6trWJc9h4OP4W4Cm5G1PQzLR80:eDUtdnxgrW+1+xQ14F8

Score
10/10

Malware Config

Extracted

  • Family
    xloader
  • Version
    2.5
  • Campaign
    b5ce
  • Decoy


Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader payload (1 IoC)
  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b2820ea47559925d86ee665e92a111e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6b2820ea47559925d86ee665e92a111e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Users\Admin\AppData\Local\Temp\6b2820ea47559925d86ee665e92a111e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\6b2820ea47559925d86ee665e92a111e_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2608

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1460-6-0x0000000000E30000-0x0000000000E82000-memory.dmp
    Filesize: 328KB
  • memory/1460-1-0x0000000074AE0000-0x00000000751CE000-memory.dmp
    Filesize: 6.9MB
  • memory/1460-2-0x00000000009A0000-0x00000000009E0000-memory.dmp
    Filesize: 256KB
  • memory/1460-3-0x0000000000830000-0x0000000000848000-memory.dmp
    Filesize: 96KB
  • memory/1460-4-0x0000000074AE0000-0x00000000751CE000-memory.dmp
    Filesize: 6.9MB
  • memory/1460-5-0x00000000009A0000-0x00000000009E0000-memory.dmp
    Filesize: 256KB
  • memory/1460-0-0x0000000001260000-0x00000000012F2000-memory.dmp
    Filesize: 584KB
  • memory/1460-12-0x0000000074AE0000-0x00000000751CE000-memory.dmp
    Filesize: 6.9MB
  • memory/2608-7-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB
  • memory/2608-8-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB
  • memory/2608-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize: 4KB
  • memory/2608-11-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB
  • memory/2608-13-0x0000000000910000-0x0000000000C13000-memory.dmp
    Filesize: 3.0MB