Overview

overview

10

Static

static

3

639066f415...18.exe

windows7-x64

10

639066f415...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 14:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    639066f415f7a4dc58e1890975e9fcc5_JaffaCakes118.exe

  • Size

    564KB

  • MD5

    639066f415f7a4dc58e1890975e9fcc5

  • SHA1

    b97a2f3afbf5b09e155cd99d035cf6f2e3f347f2

  • SHA256

    9bac39b4b986f2f96008c4c6c05cf72ddc6398d99d874525058b654b52cfd64d

  • SHA512

    7d671232f99178c708ba3cb47e93e14046bbd9ec5a27942156ec07d2911be9b4f43cd56b9a2d2eb8cb71e3f7c25d6ebfbeab4ab15ae7501cf368aee06c00f38e

  • SSDEEP

    12288:Rb3RoudOSY3hsmJ6LQ3j2rBFr55AoOiMsos1kubd:Rb3RrdOSKRJ6LQ3j2NFrTHZNJbd

Score
10/10
formbooki01ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

i01

Decoy

viagensbaratasonline.com

lacuevaelmirlo.net

genevaly.com

analpornolariizle.com

rupee.network

pay69645.com

superhsr.com

foammemorymattress.com

jolded.com

bbb684.com

diabetessimplesweet.com

bybeast.com

keut.world

xxjj10.com

youde-88.com

highkickproductions.com

beijingzhjy.com

partnership-aid.com

sehorecollegesehore.com

wangluopay.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\639066f415f7a4dc58e1890975e9fcc5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\639066f415f7a4dc58e1890975e9fcc5_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1764-5-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize

    168KB

    Download
  • memory/1764-7-0x0000000077611000-0x0000000077712000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1764-4-0x0000000003900000-0x0000000003940000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1764-3-0x0000000003900000-0x0000000003940000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1764-8-0x0000000077610000-0x00000000777B9000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/1764-10-0x0000000077610000-0x00000000777B9000-memory.dmp
    Filesize

    1.7MB

    Download