Overview

overview

10

Static

static

3

6400dce0bc...18.exe

windows7-x64

10

6400dce0bc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6400dce0bcaa984502231c1a8ca4bcdd_JaffaCakes118.exe

  • Size

    536KB

  • MD5

    6400dce0bcaa984502231c1a8ca4bcdd

  • SHA1

    c9961928d0c2cec15cc762e0e384c8d22889cc9f

  • SHA256

    0f1d8850800e71e21ea5b4cf6368ff5aafd1bd9cd0b5280388767a27e04b3d80

  • SHA512

    c1dcf5124286b2e12e9be5b538c02ada49e3a4dda434c082fb503b618d1c9dac401f7cc24df2b72c6847a4dd791193c39b48c88a2f7123317c84387d11ab2394

  • SSDEEP

    6144:zk0N1y0dq91FBQSeEke3SIs7pZpXEuV/bF7aS7/WTrYBRk:zk0Nk91rrh8ZpXr9B7P700BRk

Score
10/10
formbookjsratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

js

Decoy

invisibleladder.com

kidswaronwaste.com

simonmillers.com

samincraft.com

cranesworld.com

nvagencia.com

descargapp.info

paidconsumersurveys.net

carnivalofsong.com

htours.net

odytjm.tech

nationalimmobilier.com

fbbhrk.info

aaabbb.xyz

jbnkgame2.info

dma777.com

shpzjr.com

dakarrepuestos.com

kaibo.info

theopulentco.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6400dce0bcaa984502231c1a8ca4bcdd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6400dce0bcaa984502231c1a8ca4bcdd_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2000-3-0x0000000000340000-0x0000000000345000-memory.dmp
    Filesize

    20KB

    Download
  • memory/2000-5-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize

    168KB

    Download
  • memory/2000-4-0x0000000077191000-0x0000000077292000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2000-9-0x0000000077190000-0x0000000077339000-memory.dmp
    Filesize

    1.7MB

    Download