Overview

overview

10

Static

static

1

aa00750f0d...18.exe

windows7-x64

10

aa00750f0d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-06-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa00750f0df31493289bf07719cefd5e_JaffaCakes118.exe

  • Size

    247KB

  • MD5

    aa00750f0df31493289bf07719cefd5e

  • SHA1

    3c5b53cea10a28b955d1224ec2d293c639874593

  • SHA256

    5c947115e5de28bf753bdf423b76cec09ab76f339c62058392b603391cbf461f

  • SHA512

    cc679227e4e137885cfbf475e89f5832cbb3009b2e95aba661b6f2c973bc56672480e3c695daca6acf825fafcc8bc7e667ab92eb81da2d1aeb7d66deb55d7704

  • SSDEEP

    3072:276owQOcspP2oUK8QXAu+0l66bddxcmFEwDZo+7H8/RhxzQiHAZsHFpEWz5DwbDV:WjO1d8EAu+0lRMFmHb6pEo8s3Eg5

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

217.8.117.114:4062

213.159.213.225:4062

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa00750f0df31493289bf07719cefd5e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aa00750f0df31493289bf07719cefd5e_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3584
  • C:\ProgramData\nhcuvqk\vmpjsva.exe
    C:\ProgramData\nhcuvqk\vmpjsva.exe start
    1⤵
    • Executes dropped EXE
    PID:4036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\nhcuvqk\vmpjsva.exe
    Filesize

    247KB

    MD5

    aa00750f0df31493289bf07719cefd5e

    SHA1

    3c5b53cea10a28b955d1224ec2d293c639874593

    SHA256

    5c947115e5de28bf753bdf423b76cec09ab76f339c62058392b603391cbf461f

    SHA512

    cc679227e4e137885cfbf475e89f5832cbb3009b2e95aba661b6f2c973bc56672480e3c695daca6acf825fafcc8bc7e667ab92eb81da2d1aeb7d66deb55d7704

    Download Submit

  • memory/3584-0-0x0000000001660000-0x0000000001670000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3584-1-0x00000000016C0000-0x00000000016CB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3584-2-0x0000000077441000-0x0000000077561000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3584-3-0x00000000016C0000-0x00000000016CB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3584-8-0x0000000001660000-0x0000000001670000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4036-9-0x0000000001A40000-0x0000000001A4B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4036-10-0x0000000001A40000-0x0000000001A4B000-memory.dmp

    Filesize

    44KB

    Download