Overview

overview

10

Static

static

3

656750f875...18.exe

windows7-x64

10

656750f875...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    129s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    656750f875112414a75fb4bf32a3353a_JaffaCakes118.exe

  • Size

    275KB

  • MD5

    656750f875112414a75fb4bf32a3353a

  • SHA1

    1f66bba3d8a9da44b0ebe7a84c7b240b6eba3705

  • SHA256

    761107a1e9e685c4bbce78c45111db8c0279bf530b123f5370620bcc6aa0b2bf

  • SHA512

    7cde504a285f343972877b3e50cad0fa4b0f558a987288832e88d8f1d08062bc1b379220480f760f8469f6d10423b29f19538fca1bd8acd5bafaa29fb7a9ae90

  • SSDEEP

    3072:WyZXE1FYZcYbV/wQvFUO+x33/mKOQ+/pclnNu8qLAZXNOp/PK7nbs5peTE0E925h:W0moc+VvFL+x33zORyI2OlPK7nbgpm9

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\656750f875112414a75fb4bf32a3353a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\656750f875112414a75fb4bf32a3353a_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Users\Admin\AppData\Local\Temp\656750f875112414a75fb4bf32a3353a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\656750f875112414a75fb4bf32a3353a_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:2852
  • C:\Windows\SysWOW64\refdbg.exe
    "C:\Windows\SysWOW64\refdbg.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\SysWOW64\refdbg.exe
      "C:\Windows\SysWOW64\refdbg.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2568

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1232-15-0x0000000000160000-0x0000000000177000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1232-28-0x0000000000120000-0x0000000000137000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1232-20-0x0000000000140000-0x0000000000150000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1232-19-0x0000000000160000-0x0000000000177000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2568-27-0x0000000000100000-0x0000000000110000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2568-31-0x0000000000170000-0x0000000000187000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2568-21-0x0000000000170000-0x0000000000187000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2568-22-0x0000000000190000-0x00000000001A7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2568-26-0x0000000000190000-0x00000000001A7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2852-29-0x0000000000830000-0x0000000000879000-memory.dmp
    Filesize

    292KB

    Download
  • memory/2852-8-0x0000000000140000-0x0000000000157000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2852-13-0x0000000000160000-0x0000000000170000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2852-12-0x0000000000140000-0x0000000000157000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2852-7-0x0000000000120000-0x0000000000137000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2852-30-0x0000000000120000-0x0000000000137000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2924-14-0x00000000000B0000-0x00000000000C7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2924-6-0x0000000000130000-0x0000000000140000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2924-0-0x00000000000B0000-0x00000000000C7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2924-5-0x0000000000110000-0x0000000000127000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2924-1-0x0000000000110000-0x0000000000127000-memory.dmp
    Filesize

    92KB

    Download