Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    02-04-2024 03:05

General

  • Target
    81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe
  • Size
    591KB
  • MD5
    81ecab9fa2aa18c3d5dc61e9b2bebb7b
  • SHA1
    293ab6dd02f04a4b25d3f92a27385b49a042ab05
  • SHA256
    ad1a7132112ed0a17f526989f2f50b61a43c71180de093582866b4541c24adc7
  • SHA512
    8dc5e2a84de8c3fc4d8821c77143059e6513788d1eab51055df0a7a567aac995f3a6b01f1199380df1149b8aca04affd3680adb9696b6144ccb2ea4a5cd4b560
  • SSDEEP
    12288:1aMPkBSBaeVAf4HgytutmnXZvmYEzLlXhf2LuK:gMPjBaMAAgytPMYEpX5uuK

Score
10/10

Malware Config

Extracted

  • Family
    xloader
  • Version
    2.5
  • Campaign
    wogm
  • Decoy


Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2596

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1716-6-0x0000000005150000-0x00000000051CA000-memory.dmp
    Filesize 488KB
  • memory/1716-1-0x0000000074600000-0x0000000074CEE000-memory.dmp
    Filesize 6.9MB
  • memory/1716-2-0x0000000002220000-0x0000000002260000-memory.dmp
    Filesize 256KB
  • memory/1716-3-0x00000000005C0000-0x00000000005CA000-memory.dmp
    Filesize 40KB
  • memory/1716-4-0x0000000074600000-0x0000000074CEE000-memory.dmp
    Filesize 6.9MB
  • memory/1716-5-0x0000000002220000-0x0000000002260000-memory.dmp
    Filesize 256KB
  • memory/1716-0-0x0000000000C20000-0x0000000000CBA000-memory.dmp
    Filesize 616KB
  • memory/1716-12-0x0000000074600000-0x0000000074CEE000-memory.dmp
    Filesize 6.9MB
  • memory/2596-7-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize 164KB
  • memory/2596-8-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize 164KB
  • memory/2596-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize 4KB
  • memory/2596-11-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize 164KB
  • memory/2596-13-0x0000000000880000-0x0000000000B83000-memory.dmp
    Filesize 3.0MB