Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02-04-2024 03:05

General

  • Target
    81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe
  • Size
    591KB
  • MD5
    81ecab9fa2aa18c3d5dc61e9b2bebb7b
  • SHA1
    293ab6dd02f04a4b25d3f92a27385b49a042ab05
  • SHA256
    ad1a7132112ed0a17f526989f2f50b61a43c71180de093582866b4541c24adc7
  • SHA512
    8dc5e2a84de8c3fc4d8821c77143059e6513788d1eab51055df0a7a567aac995f3a6b01f1199380df1149b8aca04affd3680adb9696b6144ccb2ea4a5cd4b560
  • SSDEEP
    12288:1aMPkBSBaeVAf4HgytutmnXZvmYEzLlXhf2LuK:gMPjBaMAAgytPMYEpX5uuK

Score
10/10

Malware Config

Extracted

  • Family
    xloader
  • Version
    2.5
  • Campaign
    wogm
  • Decoy

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\81ecab9fa2aa18c3d5dc61e9b2bebb7b_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3344

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3344-11-0x0000000000400000-0x0000000000429000-memory.dmp (Filesize: 164KB)
  • memory/3344-15-0x0000000001960000-0x0000000001CAA000-memory.dmp (Filesize: 3.3MB)
  • memory/3344-14-0x0000000001960000-0x0000000001CAA000-memory.dmp (Filesize: 3.3MB)
  • memory/4504-6-0x00000000053C0000-0x00000000053CA000-memory.dmp (Filesize: 40KB)
  • memory/4504-4-0x0000000004DD0000-0x0000000004DE0000-memory.dmp (Filesize: 64KB)
  • memory/4504-5-0x0000000004DF0000-0x0000000004DFA000-memory.dmp (Filesize: 40KB)
  • memory/4504-0-0x00000000003A0000-0x000000000043A000-memory.dmp (Filesize: 616KB)
  • memory/4504-7-0x00000000749C0000-0x0000000075170000-memory.dmp (Filesize: 7.7MB)
  • memory/4504-8-0x0000000004DD0000-0x0000000004DE0000-memory.dmp (Filesize: 64KB)
  • memory/4504-9-0x0000000006480000-0x000000000651C000-memory.dmp (Filesize: 624KB)
  • memory/4504-10-0x00000000065A0000-0x000000000661A000-memory.dmp (Filesize: 488KB)
  • memory/4504-3-0x0000000004E40000-0x0000000004ED2000-memory.dmp (Filesize: 584KB)
  • memory/4504-13-0x00000000749C0000-0x0000000075170000-memory.dmp (Filesize: 7.7MB)
  • memory/4504-2-0x00000000053F0000-0x0000000005994000-memory.dmp (Filesize: 5.6MB)
  • memory/4504-1-0x00000000749C0000-0x0000000075170000-memory.dmp (Filesize: 7.7MB)