Overview

overview

10

Static

static

3

682a308af7...18.exe

windows7-x64

10

682a308af7...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    682a308af795b0542426eb8519f3ea1f_JaffaCakes118.exe

  • Size

    736KB

  • MD5

    682a308af795b0542426eb8519f3ea1f

  • SHA1

    e91183813806c5a641824f717963c40b2df9b80c

  • SHA256

    fcf79460d76c4fb62b3176e31e80f5a2d308571a44b2febf4732753952437361

  • SHA512

    5471dad3c8b5daafd2e16b778c2b54104ad6c8a0c59ba3a77e0dfd9e37c9cf3a72cf7da54cc63904385793f74237101acad96ab3905243539bee96e8ce1f0220

  • SSDEEP

    6144:zTOud2PugbKPEP0B+c0LvVpOT1mTqpFpUYrER0u+GIIIIIIIhIIIIIIIIIIIIII3:zTOMgboLw9TTmpsm5

Score
10/10
formbookjsratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

js

Decoy

bensenmaoyi.com

baogold.com

ornellamultimedia.com

0-lqn5-x50-90bl4.com

nearmedesign.services

xuansenmuyi.com

tuktukdude.com

hedgepayday.com

0p0tenkey.men

tashanetea.com

candacehkang.com

benhvienphusansaigon.com

victoriasweitzer.com

lowellcremation.com

naturesgives.com

noengordar.com

mypictureparadise.com

upad.ltd

trailrack.com

stariptvitalia.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\682a308af795b0542426eb8519f3ea1f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\682a308af795b0542426eb8519f3ea1f_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1868-2-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize

    168KB

    Download
  • memory/1868-4-0x0000000077A70000-0x0000000077B46000-memory.dmp
    Filesize

    856KB

    Download
  • memory/1868-6-0x0000000072940000-0x0000000072A60000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1868-7-0x000000000B130000-0x000000000B433000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1868-8-0x000000000B130000-0x000000000B433000-memory.dmp
    Filesize

    3.0MB

    Download