Analysis
-
max time kernel
145s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25-05-2024 07:37
General
-
Target
7146abc7e87f02c48e85cb903a197b6f_JaffaCakes118.exe
-
Size
215KB
-
MD5
7146abc7e87f02c48e85cb903a197b6f
-
SHA1
da9a9e256e5a37be885f306831ba7637d305e36b
-
SHA256
96be5b3103eabba9015ff9a80543e63540a8ac3ac6b979f527af0f2e5d06b0f2
-
SHA512
1f1295fe6de58497b887a86fa5df42900009ffbf771436dcbebdc50945d94de4ff013112ca70d114e6f0dcda0ec58897313ac3152e7bcca6d838d3ce7996f0a0
-
SSDEEP
3072:1myVc6uHa8yCjHyMOt2zsanfsQZpw/lDp2bJ:LC9LTjHyMNfnfsQE/1W
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7146abc7e87f02c48e85cb903a197b6f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7146abc7e87f02c48e85cb903a197b6f_JaffaCakes118.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7146abc7e87f02c48e85cb903a197b6f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7146abc7e87f02c48e85cb903a197b6f_JaffaCakes118.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\shlphid.exe"C:\Windows\SysWOW64\shlphid.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\shlphid.exe"C:\Windows\SysWOW64\shlphid.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/228-4-0x00000000003B0000-0x00000000003C7000-memory.dmpFilesize
92KB
-
memory/228-6-0x00000000003D0000-0x00000000003E0000-memory.dmpFilesize
64KB
-
memory/228-5-0x0000000000390000-0x00000000003A7000-memory.dmpFilesize
92KB
-
memory/228-0-0x00000000003B0000-0x00000000003C7000-memory.dmpFilesize
92KB
-
memory/1608-20-0x00000000017C0000-0x00000000017D0000-memory.dmpFilesize
64KB
-
memory/1608-28-0x0000000001780000-0x0000000001797000-memory.dmpFilesize
92KB
-
memory/1608-14-0x00000000017A0000-0x00000000017B7000-memory.dmpFilesize
92KB
-
memory/1608-18-0x00000000017A0000-0x00000000017B7000-memory.dmpFilesize
92KB
-
memory/1608-19-0x0000000001780000-0x0000000001797000-memory.dmpFilesize
92KB
-
memory/3800-26-0x0000000001540000-0x0000000001557000-memory.dmpFilesize
92KB
-
memory/3800-25-0x00000000019E0000-0x00000000019F7000-memory.dmpFilesize
92KB
-
memory/3800-21-0x00000000019E0000-0x00000000019F7000-memory.dmpFilesize
92KB
-
memory/3800-27-0x0000000001560000-0x0000000001570000-memory.dmpFilesize
64KB
-
memory/3800-31-0x0000000001540000-0x0000000001557000-memory.dmpFilesize
92KB
-
memory/4576-13-0x00000000003F0000-0x0000000000400000-memory.dmpFilesize
64KB
-
memory/4576-8-0x0000000000B60000-0x0000000000B77000-memory.dmpFilesize
92KB
-
memory/4576-12-0x0000000000B60000-0x0000000000B77000-memory.dmpFilesize
92KB
-
memory/4576-7-0x0000000000720000-0x0000000000737000-memory.dmpFilesize
92KB
-
memory/4576-29-0x0000000000310000-0x0000000000349000-memory.dmpFilesize
228KB
-
memory/4576-30-0x0000000000720000-0x0000000000737000-memory.dmpFilesize
92KB