Analysis

max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10-05-2024 04:43

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 2d6709d2c3626c62f0bcd11c2ce45ebd_JaffaCakes118.exe
Resource: win7-20240221-en
General

Target: 2d6709d2c3626c62f0bcd11c2ce45ebd_JaffaCakes118.exe
Size: 529KB
MD5: 2d6709d2c3626c62f0bcd11c2ce45ebd
SHA1: d929f328caa3e3ede0f5d9ccac102c7dbf41215b
SHA256: 6217d81542fa81be4ac03f16b9d14ec0f0622818d096e4e49db0940a41e668cf
SHA512: 37cfc1cd0ec8b9ae54aa58da227a0e1c44edfbfb48a8e570e179153963e8284b2d63fbc91368cc0ef70f6b877eff0d2af3b97f5d9884b74f243628e76b625dce
SSDEEP: 12288:hLffr2Ml4HvOFsY8BY3aqWtRd26qfcu6AC/:pfKLYse3iwfqn
Malware Config

Extracted
Family: formbook
Version: 3.9
Campaign: ai
Domains: Formbook embeds a list of decoy domains in its config next to the one it actually beacons to, and the extractor returns the whole list. Treat each entry below as "a domain from this sample's config", not as a confirmed C2, before blocking or attributing it.
blutopiamedia.com
kamprehend.com
alexvie.com
erimii.com
zunbao290.com
tongxing.ink
ma-source-zen-sophrologie.com
rolandinthemountains.com
dsydzx.com
adsofsynergy.com
qewrad.com
buildingassets.biz
georgeskoogdds.com
grifesesporte.com
udp-corp.com
wpsuite.tech
angbaikan.com
629manbetx.com
guoxiangkc.com
girlincopenhagen.online
babaciftlik.com
africasportsassociation.com
customautobodylagunabeach.com
mallorydibartolo.com
cristianmonterroso.com
vancouverlocalseo.com
891opebet.com
thetaildoesnotwagthedog.info
cepapar.info
lafargecomores.com
lilouprint.com
whistlesukshop.com
tv17144.info
ultranor.com
idahohouseinspector.biz
the-snapeat.com
jerrycookfortrustee.com
hs01052405802.com
wwwjs4499.com
chipatolisaheb.net
rockviolin.net
spablb.info
urbanmanufacturingalliance.info
droneparkoneflorida.com
brimirror.com
dreamcatcher.events
5iasni.biz
destinationstv.online
palinka.link
gurufaces.com
mariapiacoppari.com
survivalzip.info
small-goods.com
oportunidadentendencia.com
dnsware.net
jtflight.com
pixelkitchen.ltd
cloutkast.com
lgdigitalfactory.com
huigeche.com
healthcoachstacey.com
testaddnewdomains.com
litcrossings.com
tianhengyiqishebei.com
paixer.com
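The domain list above is most useful as a detection artefact. The following is an added example, not part of the sandbox report: it matches DNS query logs against a subset of the extracted domains on whole-label boundaries (so `www.alexvie.com` hits but `notkamprehend.com` does not), normalises case and the trailing root dot, and emits Suricata `dns.query` rules for the same list. The log lines are constructed for the example, the domain subset is copied from the config above, and the `sid` range is a placeholder.

```python
"""Check DNS query logs against the Formbook config domains and emit
Suricata rules for them. Added example; the domains are a subset of the
extracted config above, the log lines are constructed, not real data."""
from __future__ import annotations

# Subset of the 65 domains in the extracted config (assumption: in practice
# you paste the full list). Formbook configs carry decoy domains next to the
# live C2, so a hit means "contacted a config domain", not "confirmed C2".
CONFIG_DOMAINS = {
    "blutopiamedia.com", "kamprehend.com", "alexvie.com", "erimii.com",
    "zunbao290.com", "tongxing.ink", "paixer.com", "dnsware.net",
    "small-goods.com", "tv17144.info",
}

# Constructed log lines in "timestamp src_ip qtype qname" form (not real data).
SAMPLE_DNS_LOG = """\
2024-05-10T04:43:12Z 10.0.0.5 A www.microsoft.com
2024-05-10T04:43:15Z 10.0.0.5 A www.alexvie.com
2024-05-10T04:43:16Z 10.0.0.5 A kamprehend.com.
2024-05-10T04:43:17Z 10.0.0.5 A notkamprehend.com
2024-05-10T04:43:18Z 10.0.0.5 AAAA PAIXER.COM
2024-05-10T04:43:19Z 10.0.0.7 A update.tongxing.ink
"""


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing root dot that some resolvers log."""
    return qname.rstrip(".").lower()


def config_domain_for(qname: str, domains: set[str]) -> str | None:
    """Return the config domain that qname equals or is a subdomain of.

    Matching walks whole DNS labels, so 'notkamprehend.com' does not match
    'kamprehend.com' while 'www.kamprehend.com' does.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_dns_log(log_text: str, domains: set[str] = CONFIG_DOMAINS) -> list[dict]:
    """Return one record per log line whose query name hits the config list."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, qtype, qname = line.split()
        matched = config_domain_for(qname, domains)
        if matched:
            hits.append({"ts": ts, "src": src, "qtype": qtype,
                         "qname": qname, "config_domain": matched})
    return hits


def suricata_rules(domains: set[str], base_sid: int = 1000001) -> list[str]:
    """Emit one Suricata dns.query rule per config domain.

    base_sid is a placeholder in the local (1000000+) range; pick your own.
    'dotprefix' + 'endswith' matches the domain and its subdomains while
    rejecting 'notkamprehend.com'-style lookalikes.
    """
    rules = []
    for sid, dom in enumerate(sorted(domains), start=base_sid):
        rules.append(
            'alert dns any any -> any any (msg:"Formbook config domain %s"; '
            'dns.query; dotprefix; content:".%s"; nocase; endswith; '
            'classtype:trojan-activity; sid:%d; rev:1;)' % (dom, dom, sid)
        )
    return rules


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(hit)
    print("\n".join(suricata_rules(CONFIG_DOMAINS)))
```

Run against the constructed log, four of the six queries hit (`www.alexvie.com`, `kamprehend.com.`, `PAIXER.COM`, `update.tongxing.ink`); the lookalike and the Microsoft query do not. Because decoys are in the list, triage hits by correlating with the process that issued the query (here pid 2876) and with the HTTP POSTs that follow, rather than blocking every domain outright.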
Signatures

Formbook payload (2 IoCs)
resource                                                                      yara_rule
behavioral1/memory/2876-1-0x0000000000B70000-0x0000000000BF7000-memory.dmp    formbook
behavioral1/memory/2876-3-0x0000000003360000-0x0000000003663000-memory.dmp    formbook

Suspicious behavior: EnumeratesProcesses (1 IoC)
pid    process
2876   2d6709d2c3626c62f0bcd11c2ce45ebd_JaffaCakes118.exe