Overview

overview

10

Static

static

1

JJUmnnkIxSCyKik.exe

windows7-x64

10

JJUmnnkIxSCyKik.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JJUmnnkIxSCyKik.exe

  • Size

    778KB

  • MD5

    d3276b14eaab222d13f7f15dc879ed16

  • SHA1

    8d5809ae7176e28e61245b18678ef3bada66f414

  • SHA256

    864b5669f18681ae03edbd7c3b3bbf6732e55191d4883f18783eb9c611fa9a17

  • SHA512

    9a552073cb2f81f6b623f20bc388a68a1c1e5fe79198ae5c59a9548e5228db408e263bc3f57ac8a915e7971df41be5a1f6588b225ac5fdf6500bb5f58086ac52

  • SSDEEP

    24576:AHPjKr5BNDoxwj4R0zyfx+VC6vkI8F4WSI+y9:6k5BNYSNq6vcI8FQW

Score
10/10
formbookbe03ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

be03

Decoy

458q14v4ams2.com

priceoctopus.com

betinplay.xyz

bcnd.xyz

1510soliveavenue.com

mcdpropertypros.com

reddcrownexpress.com

rewardlabs.shop

burenbrand.com

revand.io

tractionendurancecoaching.com

jotaerreshopp.com

shopboyg.com

dakor.shop

groundswellmag.life

nehagadodia.com

dancarellibizbroker.com

meconline.co

ttmq.cc

thegoldenyouph.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Users\Admin\AppData\Local\Temp\JJUmnnkIxSCyKik.exe
      "C:\Users\Admin\AppData\Local\Temp\JJUmnnkIxSCyKik.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Users\Admin\AppData\Local\Temp\JJUmnnkIxSCyKik.exe
        "C:\Users\Admin\AppData\Local\Temp\JJUmnnkIxSCyKik.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        PID:2568
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\SysWOW64\msiexec.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 268
        3⤵
        • Program crash
        PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1116-25-0x0000000004FC0000-0x000000000510C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1116-18-0x0000000004FC0000-0x000000000510C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2220-13-0x0000000074960000-0x000000007504E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2220-1-0x0000000074960000-0x000000007504E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2220-2-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2220-3-0x0000000000370000-0x0000000000390000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2220-4-0x00000000003B0000-0x00000000003C4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2220-5-0x0000000005A50000-0x0000000005AC6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2220-0-0x0000000000DA0000-0x0000000000E64000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2568-12-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2568-8-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2568-14-0x0000000000890000-0x0000000000B93000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2568-17-0x0000000000280000-0x0000000000294000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2568-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2568-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-6-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2920-19-0x0000000000D30000-0x0000000000D44000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2920-20-0x0000000000D30000-0x0000000000D44000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2920-22-0x0000000000D30000-0x0000000000D44000-memory.dmp

    Filesize

    80KB

    Download