Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30-04-2024 05:04
General
-
Target
091594da96c121bd3e18c5a85bfe27c1_JaffaCakes118.exe
-
Size
737KB
-
MD5
091594da96c121bd3e18c5a85bfe27c1
-
SHA1
2e67b46334e1b1aae5c27c919f517ba759c00ce4
-
SHA256
314f0b21f24f66667f7368e97ab3074508efe5ee811e5984ab4d884fccdc6f3b
-
SHA512
19cfa75ecfc71e8dd32fc8af6639bf6c0bbb67665e5010754c38b68eae7ccae59fb4ac2852f5b7776661b69975fbdb025c629a919fffbc56bc1c5ba0d4bb2e1a
-
SSDEEP
12288:HxLAayUuy3hJA7pS4evYDyjqdGiq8QhE9rnHt+Sr5WGLxMLWmAijgugFputYdZt:HZyShJAc4evsW4Gib0EJN+Sr5vKWmAw4
Malware Config
Extracted
webmonitor
web77.wm01.to:443
-
config_key
Yx500sfaueJo0wEDjjDx6FU3y2XQM37M
-
private_key
GixqWBITl
-
url_path
/recv5.php
Signatures
-
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
-
WebMonitor payload 10 IoCs
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination 11 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\091594da96c121bd3e18c5a85bfe27c1_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\091594da96c121bd3e18c5a85bfe27c1_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2772-1-0x0000000077A30000-0x0000000077A31000-memory.dmpFilesize
4KB
-
memory/2772-0-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-2-0x0000000000560000-0x0000000000561000-memory.dmpFilesize
4KB
-
memory/2772-3-0x0000000077A10000-0x0000000077B90000-memory.dmpFilesize
1.5MB
-
memory/2772-4-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-5-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-6-0x0000000077A10000-0x0000000077B90000-memory.dmpFilesize
1.5MB
-
memory/2772-7-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-8-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-10-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-11-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-13-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-14-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-15-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB
-
memory/2772-17-0x0000000000400000-0x0000000000537000-memory.dmpFilesize
1.2MB