Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 21:32

General

  • Target

    26d6aa10ad93d6aa5281483ac169bf3a_JaffaCakes118.exe

  • Size

    91KB

  • MD5

    26d6aa10ad93d6aa5281483ac169bf3a

  • SHA1

    331f191e3a85d7e97810ae62617c5a0d9b2babce

  • SHA256

    07a2a449026acd0e941bfc8138266a5399e5a78f6ce5dc926a30d45c41558f11

  • SHA512

    6a70376301a1c811f3fce2ab74f67dcf302aad6a0fc172aa86ffce6c7850d85be797af7bdb5386b5235e543ac50da2dbb20992aa5634a4be710a8067054d26f4

  • SSDEEP

    1536:bw54SjpaSUkBy3y4OWinukAPzSatP4zlkwKQuvFboV8jXSk:ypIXJOWinZah4zgTvxoVcXS

Score
10/10

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26d6aa10ad93d6aa5281483ac169bf3a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\26d6aa10ad93d6aa5281483ac169bf3a_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Users\Admin\AppData\Local\Temp\26d6aa10ad93d6aa5281483ac169bf3a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\26d6aa10ad93d6aa5281483ac169bf3a_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:4620
  • C:\Windows\SysWOW64\sendarr.exe
    "C:\Windows\SysWOW64\sendarr.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1332
    • C:\Windows\SysWOW64\sendarr.exe
      "C:\Windows\SysWOW64\sendarr.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:4112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1332-21-0x00000000009B0000-0x00000000009C0000-memory.dmp (Filesize: 64KB)
  • memory/1332-29-0x00000000006C0000-0x00000000006CD000-memory.dmp (Filesize: 52KB)
  • memory/1332-15-0x00000000006D0000-0x00000000006DD000-memory.dmp (Filesize: 52KB)
  • memory/1332-19-0x00000000006D0000-0x00000000006DD000-memory.dmp (Filesize: 52KB)
  • memory/1332-20-0x00000000006C0000-0x00000000006CD000-memory.dmp (Filesize: 52KB)
  • memory/4112-23-0x0000000000650000-0x000000000065D000-memory.dmp (Filesize: 52KB)
  • memory/4112-22-0x0000000000640000-0x000000000064D000-memory.dmp (Filesize: 52KB)
  • memory/4112-32-0x0000000000640000-0x000000000064D000-memory.dmp (Filesize: 52KB)
  • memory/4112-28-0x0000000000660000-0x0000000000670000-memory.dmp (Filesize: 64KB)
  • memory/4112-27-0x0000000000650000-0x000000000065D000-memory.dmp (Filesize: 52KB)
  • memory/4604-0-0x0000000002A40000-0x0000000002A4D000-memory.dmp (Filesize: 52KB)
  • memory/4604-5-0x0000000002A30000-0x0000000002A3D000-memory.dmp (Filesize: 52KB)
  • memory/4604-6-0x0000000002A50000-0x0000000002A60000-memory.dmp (Filesize: 64KB)
  • memory/4604-14-0x0000000002A30000-0x0000000002A3D000-memory.dmp (Filesize: 52KB)
  • memory/4604-4-0x0000000002A40000-0x0000000002A4D000-memory.dmp (Filesize: 52KB)
  • memory/4620-11-0x0000000002B80000-0x0000000002B8D000-memory.dmp (Filesize: 52KB)
  • memory/4620-13-0x0000000002B90000-0x0000000002BA0000-memory.dmp (Filesize: 64KB)
  • memory/4620-12-0x0000000002B70000-0x0000000002B7D000-memory.dmp (Filesize: 52KB)
  • memory/4620-31-0x0000000002B70000-0x0000000002B7D000-memory.dmp (Filesize: 52KB)
  • memory/4620-30-0x0000000000400000-0x000000000041C000-memory.dmp (Filesize: 112KB)
  • memory/4620-7-0x0000000002B80000-0x0000000002B8D000-memory.dmp (Filesize: 52KB)