Analysis

  • max time kernel
    148s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 00:56

General

  • Target

    656e1f70891e4a2c77a1f58cb4446a83_JaffaCakes118.exe

  • Size

    107KB

  • MD5

    656e1f70891e4a2c77a1f58cb4446a83

  • SHA1

    4d2e950535237f92aabf712863c7a6f00d93d17f

  • SHA256

    ddbc8b5d72af93b39727f2a26efae6aca2127b933f600c6213435a91542d0ed0

  • SHA512

    8e707d3b20b17c611436e098debd8b8602dd19a51d6fbeebd090f6bed7ef874c9e885c75fe95f09ecaa112542bc9c9abb11ebd5b9cc5427386047d3a46913f7e

  • SSDEEP

    1536:vvA3k5x9zTF9V1GfCpq+j+zU8wrHvg+jjNVJAgUKT8W2cK3wy/8l/epYnHvIqvIM:Fx9PrbRrH/jhVJAzKTCx37s/fnA/aSg

Score
10/10

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\656e1f70891e4a2c77a1f58cb4446a83_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\656e1f70891e4a2c77a1f58cb4446a83_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Users\Admin\AppData\Local\Temp\656e1f70891e4a2c77a1f58cb4446a83_JaffaCakes118.exe
      --6a9ac4fd
      2⤵
      • Suspicious behavior: RenamesItself
      PID:1836
  • C:\Windows\SysWOW64\licsprompt.exe
    "C:\Windows\SysWOW64\licsprompt.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Windows\SysWOW64\licsprompt.exe
      --14e15ea3
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:4428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1836-5-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

  • memory/1836-6-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

  • memory/1836-10-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2432-0-0x0000000002020000-0x0000000002031000-memory.dmp

    Filesize

    68KB

  • memory/2432-1-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2432-4-0x0000000002020000-0x0000000002031000-memory.dmp

    Filesize

    68KB

  • memory/4356-7-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

  • memory/4428-12-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

  • memory/4428-13-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

  • memory/4428-16-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

  • memory/4428-17-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB