Overview

overview

10

Static

static

7

fe190fa192...18.exe

windows7-x64

10

fe190fa192...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-04-2024 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118.exe

  • Size

    688KB

  • MD5

    fe190fa19206fc7f07bd4d8408190dcf

  • SHA1

    58258c31b2bd81485cfc1d6452fa418730f93879

  • SHA256

    d0b2758fa189a9c465ce6500f7f225ea6201c217af1cd80f095e10c5baef9643

  • SHA512

    e6ddc82179fd90d0e5ac4fd60fdacfdd07a5869102e6882a3adfb26ee5882efc7c9b9afe922cbe41f14f2408dc781e20cbb56a61c19c65e9578f21ea9ff53409

  • SSDEEP

    12288:z0jO6UKCkocDrq9HHXLMzmM4z9bKScZtmB/338F3i2jFKeH01g4+z:Z8ocCXLKmR92ScnmF338Fyhgv

Score
10/10
gh0stratratvmprotect

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5068-0-0x0000000000400000-0x0000000000551000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/5068-1-0x0000000077640000-0x0000000077641000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5068-2-0x0000000010000000-0x0000000010018000-memory.dmp
    Filesize

    96KB

    Download
  • memory/5068-5-0x0000000002500000-0x0000000002545000-memory.dmp
    Filesize

    276KB

    Download
  • memory/5068-7-0x0000000000400000-0x0000000000551000-memory.dmp
    Filesize

    1.3MB

    Download