Overview

overview

10

Static

static

3

1db6cfdb5a...18.exe

windows7-x64

10

1db6cfdb5a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    06/05/2024, 18:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe

  • Size

    511KB

  • MD5

    1db6cfdb5ad4a8bad8d7f845ce31fe5c

  • SHA1

    f402c985acc021702a78f526a488a69abdc2c7c7

  • SHA256

    8ac7288e8393fe255943388cae8e26a1d265cf87995e207d7d55da45391c7c4d

  • SHA512

    a45749ff5513fcba549e6a8a20470318a21818b5ab8baaaed3a69b53d0ac3fb599ec480e9bb95d32c64191f38d623ebf08594ec0f13949586198df47729c0756

  • SSDEEP

    12288:PyBwQGzyIhAJnAK8YRInVzOdsN2DwAZLqo08yckYDXxT+USJku1VNZetV3RpRryk:jQGzyRAKN5DQ2yc

Score
10/10
imminentspywaretrojan

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      "{path}"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2612
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2572

    Network

    • flag-us
      DNS
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      solarintel.linkpc.net
      IN A
      Response
      solarintel.linkpc.net
      IN CNAME
      linkpc.net
      linkpc.net
      IN A
      139.99.66.103
    • flag-us
      DNS
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      Remote address:
      8.8.8.8:53
      Request
      solarintel.linkpc.net
      IN A
      Response
      solarintel.linkpc.net
      IN CNAME
      linkpc.net
      linkpc.net
      IN A
      139.99.66.103
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      96 B
       2
    • 139.99.66.103:9009
      solarintel.linkpc.net
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      104 B
       2
    • 8.8.8.8:53
      solarintel.linkpc.net
      dns
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      67 B
       97 B
       1
      1

      DNS Request

      solarintel.linkpc.net

      DNS Response

      139.99.66.103

    • 8.8.8.8:53
      solarintel.linkpc.net
      dns
      1db6cfdb5ad4a8bad8d7f845ce31fe5c_JaffaCakes118.exe
      67 B
       97 B
       1
      1

      DNS Request

      solarintel.linkpc.net

      DNS Response

      139.99.66.103

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1952-0-0x0000000074AD1000-0x0000000074AD2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1952-1-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1952-2-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1952-16-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2612-9-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-13-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-11-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-7-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2612-5-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-3-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-4-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-15-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2612-6-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2612-14-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2612-18-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2612-23-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2612-24-0x0000000074AD0000-0x000000007507B000-memory.dmp

      Filesize

      5.7MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.