Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 03:42

General

  • Target

    1f5509daf8dc61d183dda0aca41259d7_JaffaCakes118.exe

  • Size

    318KB

  • MD5

    1f5509daf8dc61d183dda0aca41259d7

  • SHA1

    dbf45750e7d0f706fdfedabfe67732b7052ead51

  • SHA256

    65436b3fd164492492c61dafbc428c6181090fca2d2eefcff5430751db9a9703

  • SHA512

    b6938425709f39d5278fb27f46519fce5c7875c230f28422962efbbdce7158d128e13fed505281f615343561dfbbceac89f0165d7f7dd44a4d1588f4a97f38ff

  • SSDEEP

    6144:IUr9yixK0dkI6ukU1EqlhVLLiLLwLL5ZbgiUPJtW:frxRdbDHTC3PJI

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

140.186.212.146:80

85.214.28.226:8080

142.44.137.67:443

162.241.242.173:8080

95.213.236.64:8080

176.111.60.55:8080

85.152.162.105:80

67.205.85.243:8080

173.81.218.65:80

5.196.74.210:8080

190.160.53.126:80

24.43.99.75:80

169.239.182.217:8080

47.144.21.12:443

89.205.113.80:80

112.185.64.233:80

216.208.76.186:80

121.124.124.40:7080

37.187.72.193:8080

87.106.136.232:8080

rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f5509daf8dc61d183dda0aca41259d7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1f5509daf8dc61d183dda0aca41259d7_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1548-0-0x0000000000C70000-0x0000000000C7C000-memory.dmp

    Filesize

    48KB

  • memory/1548-4-0x0000000000C50000-0x0000000000C59000-memory.dmp

    Filesize

    36KB

  • memory/1548-5-0x0000000000C70000-0x0000000000C7C000-memory.dmp

    Filesize

    48KB

  • memory/1548-6-0x0000000000C10000-0x0000000000C42000-memory.dmp

    Filesize

    200KB