Overview

overview

10

Static

static

3

634abd29ab...18.exe

windows7-x64

10

634abd29ab...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    634abd29ab5f0ca9608ba660f6518f31_JaffaCakes118.exe

  • Size

    380KB

  • MD5

    634abd29ab5f0ca9608ba660f6518f31

  • SHA1

    4cb24f4e8020a603f950de37fd6f2a4418796bdc

  • SHA256

    14228af808c89b5e1fe2229e512bd036e33fbabea3b2a90ba8f884fe8c6c7357

  • SHA512

    a1111877ce348931cc4037bd0798f4947557379a7390948c61841391db623960475ae14812309d6bd01916fb4f9b4cea27b8f684bb54b268ff725f4c6d99445a

  • SSDEEP

    3072:/OvSgKVssaHwsdVXBVb4hssL86Qzrsut0e/x5J/JPBOysL5smLy/+dIL:/OvSnVywsdbzK6P/xhBKLo

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 19 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\634abd29ab5f0ca9608ba660f6518f31_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\634abd29ab5f0ca9608ba660f6518f31_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\634abd29ab5f0ca9608ba660f6518f31_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\634abd29ab5f0ca9608ba660f6518f31_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:2300
  • C:\Windows\SysWOW64\graphrule.exe
    "C:\Windows\SysWOW64\graphrule.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\graphrule.exe
      "C:\Windows\SysWOW64\graphrule.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-6-0x0000000000270000-0x0000000000280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-5-0x0000000000320000-0x0000000000337000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1688-0-0x0000000000340000-0x0000000000357000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1688-14-0x0000000000320000-0x0000000000337000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1688-4-0x0000000000340000-0x0000000000357000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2300-29-0x00000000008C0000-0x0000000000925000-memory.dmp
    Filesize

    404KB

    Download
  • memory/2300-11-0x0000000000270000-0x0000000000287000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2300-7-0x0000000000270000-0x0000000000287000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2300-13-0x0000000000290000-0x00000000002A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2300-12-0x0000000000250000-0x0000000000267000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2300-30-0x0000000000250000-0x0000000000267000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2652-15-0x0000000000340000-0x0000000000357000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2652-20-0x0000000000320000-0x0000000000337000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2652-21-0x0000000000840000-0x0000000000850000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2652-19-0x0000000000340000-0x0000000000357000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2740-26-0x0000000000500000-0x0000000000517000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2740-22-0x0000000000500000-0x0000000000517000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2740-28-0x0000000000330000-0x0000000000340000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2740-27-0x0000000000310000-0x0000000000327000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2740-31-0x0000000000310000-0x0000000000327000-memory.dmp
    Filesize

    92KB

    Download