Overview

overview

10

Static

static

3

21fac61365...18.exe

windows7-x64

10

21fac61365...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-05-2024 22:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21fac61365987a8abfcd0b429a2497bf_JaffaCakes118.exe

  • Size

    302KB

  • MD5

    21fac61365987a8abfcd0b429a2497bf

  • SHA1

    114fc4d7533b3fd0dd4d034ae55847d4885d1c70

  • SHA256

    8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b

  • SHA512

    d86ab5c4e3f1a33a929a99fa57df943e7ae4086543f947f8178a1216d19c1c16c68f350b36a53b062b55d63f0491f6065a7c3e0813edac7f806158c7035da66b

  • SSDEEP

    6144:+z+92mhAMJ/cPl3ix0LcjsyBhpH3AY4n3ZfJUh+HsgpqR0r8sqPTAv:+K2mhAMJ/cPlijsyBhpH3AY+3ZGe

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX payload 18 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 16 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21fac61365987a8abfcd0b429a2497bf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\21fac61365987a8abfcd0b429a2497bf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\RsTray.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\RsTray.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:1700
  • C:\ProgramData\360\RsTray.exe
    C:\ProgramData\360\RsTray.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe 201 0
      2⤵
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\system32\msiexec.exe 209 2432
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\SxS\bug.log
    Filesize

    4KB

    MD5

    8d770a9af761ffd730138dff7e7ee955

    SHA1

    f494f853a341d2ad634436598379194f8b1d103d

    SHA256

    78165bca194e098f05838a74fe8d1c6e656730601704275a440faed38e3e7948

    SHA512

    3653cf222bb936881b1bfef3fbe204eb58390f1b49c26192c7aae400d4378d2aefb01c8f9b6b42ecf078603f1c6ffea95cdd13e37c566fe8b5f418dadd01e1d7

    Download Submit

  • C:\ProgramData\SxS\bug.log
    Filesize

    3KB

    MD5

    295decc75adb2474ae45d4291a9a111e

    SHA1

    92102f1e5868f3139b7027120524d785a674f6b9

    SHA256

    8d76c61be8682c425cb15e89e0179c1c8e35cb86e7b6b54c60ef8239317d3d7a

    SHA512

    56c3090f32c2523c55d8dbe171efd64c423ded0d3cc67993a9d81c71379ee61a250317953cfbcdcb2f46969cdf85e586690f5adbeaed1175cca7268e220c97d8

    Download Submit

  • C:\ProgramData\SxS\bug.log
    Filesize

    3KB

    MD5

    8ec93a87c25fd93235d3668540a1126c

    SHA1

    b8839a0853d8f3c43c02082ff5530263cc07eba6

    SHA256

    5bee4bb85703a6e309820f910be3766d7b88cebd96374030803d7aec3562f4cf

    SHA512

    0f54f16d469f241bb58712e6b6ae4946ac1887e7dd894858bb2a0549a0c6489a216ffa09c5e14dd5e6977501bc876b175751801043c14ffff77f976ab2794dc9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\comserv.dll.url
    Filesize

    122KB

    MD5

    7a2b112e3291887512f318865b5205e3

    SHA1

    9719a3e9cd3a4f91954a689d4bfef26cc63cc8c0

    SHA256

    d863346dcbf9a3926e50af34b2b7c148ef15ca5d6942c1a0b5ccd7f06bbc902a

    SHA512

    70c5beccd1efd0c70201c7632bd795a7410c225ddf0318affcc8f5e22b4a02af4ae32221c42a69184c9a05961c5d50e331ac7cba88e6663ceeb30372685996a9

    Download Submit

  • \ProgramData\360\comserv.dll
    Filesize

    41KB

    MD5

    b1253aa4e944916ab10235348cd6a3dd

    SHA1

    0046b288ba631f7363350e797ceb703ec8ae830e

    SHA256

    cb974a188d63849431ffe8868ee4faf020c3ff8679c0f0dd08d10fa91fa9c1eb

    SHA512

    d5134a43457ebb64e4d523cdb74ed1fda4b1d9d6f16919a5f7021858740d85832b8a7954631801f46bd460a5f2df7e6c5b70d37ef61a4e85deffb6cb9460d023

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\RsTray.exe
    Filesize

    174KB

    MD5

    d65adc7ad95e88fab486707b8c228f17

    SHA1

    dfa0589b58a469e34695a22313d184e5352a3282

    SHA256

    a3674fef407c354e911a8a6c7d4b991802c47cf6409d6dc32dc84be6312159e2

    SHA512

    3c9114610dfc107adec6a6220356607c737499866eba965985bb1f6b9aedbfae529a5432abb8307ce0653580fab9c2580c66d96ef4cdb4319a0fde5ad3c3ac01

    Download Submit

  • memory/1700-37-0x00000000006B0000-0x00000000006E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1700-22-0x00000000006B0000-0x00000000006E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1700-36-0x0000000000430000-0x0000000000530000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2432-77-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-97-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-46-0x00000000000A0000-0x00000000000BD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2432-64-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-82-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-108-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-81-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-80-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-76-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-75-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-74-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2432-100-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-49-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2432-44-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2432-48-0x00000000000C0000-0x00000000000C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2512-90-0x0000000000420000-0x0000000000451000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-94-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2512-96-0x0000000000420000-0x0000000000451000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-95-0x0000000000420000-0x0000000000451000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2624-42-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2624-47-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download