Resubmissions

08/05/2024, 15:06

240508-sg11pace89 10

08/05/2024, 15:02

240508-sehfkacd88 10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 15:06

General

  • Target

    2564da359d80d04c9694514158ede3b2_JaffaCakes118.exe

  • Size

    232KB

  • MD5

    2564da359d80d04c9694514158ede3b2

  • SHA1

    2530df461e454959891ea806c3ff15b6bf51d4ca

  • SHA256

    45d879c2e5a55a5c9ac2da5e937e1b531a60ca5a863c44201e4be276ef593619

  • SHA512

    d337278b7adf8d856b45d3f185dce95ed452595760368a579fd7e2e0a19e4fe37e04d4f301cc1050a2861f5a2b969144f6bdfeebf71ef1f5d6c37ecd73dd0cb6

  • SSDEEP

    1536:KsNolkagL6YpgXBx7wJc68fN6Q+H2Ar5q2lM/xSr9uHObV:7olkP+ZxcJrH2A9DlmSmOJ

Score
10/10

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2564da359d80d04c9694514158ede3b2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2564da359d80d04c9694514158ede3b2_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4344
    • C:\Windows\SysWOW64\extidtexture.exe
      "C:\Windows\SysWOW64\extidtexture.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:884
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1040,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:8
    1⤵
      PID:4036

Downloads

  • memory/884-14-0x0000000000EA0000-0x0000000000EAF000-memory.dmp (Filesize: 60KB)
  • memory/884-10-0x0000000000EA0000-0x0000000000EAF000-memory.dmp (Filesize: 60KB)
  • memory/884-9-0x0000000000E90000-0x0000000000E9F000-memory.dmp (Filesize: 60KB)
  • memory/884-15-0x0000000002490000-0x00000000024A0000-memory.dmp (Filesize: 64KB)
  • memory/884-16-0x0000000000E90000-0x0000000000E9F000-memory.dmp (Filesize: 60KB)
  • memory/4344-5-0x00000000024C0000-0x00000000024CF000-memory.dmp (Filesize: 60KB)
  • memory/4344-2-0x00000000024C0000-0x00000000024CF000-memory.dmp (Filesize: 60KB)
  • memory/4344-0-0x00000000024B0000-0x00000000024BF000-memory.dmp (Filesize: 60KB)
  • memory/4344-6-0x00000000024D0000-0x00000000024E0000-memory.dmp (Filesize: 64KB)
  • memory/4344-8-0x00000000024B0000-0x00000000024BF000-memory.dmp (Filesize: 60KB)
  • memory/4344-7-0x0000000000EB0000-0x0000000000EEA000-memory.dmp (Filesize: 232KB)