Malware Analysis Report

2024-09-22 22:19

Sample ID 240618-hvlstawejr
Target ba5553b784d5d3162a82235d2f45069d_JaffaCakes118
SHA256 2f19f9b4c3618aedd4a1d338ab55e7e6b087bba658fd25002aac5cfe67547f3c
Tags
emotet epoch1 banker trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1
    Detonation Overview
    Signatures

Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

2f19f9b4c3618aedd4a1d338ab55e7e6b087bba658fd25002aac5cfe67547f3c

Threat Level: Known bad

The file ba5553b784d5d3162a82235d2f45069d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

emotet epoch1 banker trojan

Emotet

Emotet payload

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-18 07:03

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 07:03

Reported

2024-06-18 07:06

Platform

win10v2004-20240508-en

Max time kernel

128s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba5553b784d5d3162a82235d2f45069d_JaffaCakes118.exe"

Signatures

Emotet

trojan banker emotet

Emotet payload

trojan banker

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ba5553b784d5d3162a82235d2f45069d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ba5553b784d5d3162a82235d2f45069d_JaffaCakes118.exe"

Network

Country  Destination           Domain                 Proto
US       8.8.8.8:53            8.8.8.8.in-addr.arpa   udp
US       174.100.27.229:80                            tcp
US       209.126.6.222:8080                           tcp
GB       5.153.250.14:8080                            tcp
US       192.241.146.84:8080                          tcp
TR       95.9.180.128:80                              tcp
PL       77.55.211.77:8080                            tcp

Files

memory/1696-0-0x00000000021F0000-0x00000000021FC000-memory.dmp

memory/1696-4-0x0000000002120000-0x0000000002129000-memory.dmp

memory/1696-5-0x00000000021F0000-0x00000000021FC000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 07:03

Reported

2024-06-18 07:06

Platform

win7-20240221-en

Max time kernel

129s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba5553b784d5d3162a82235d2f45069d_JaffaCakes118.exe"

Signatures

Emotet

trojan banker emotet

Emotet payload

trojan banker

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ba5553b784d5d3162a82235d2f45069d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ba5553b784d5d3162a82235d2f45069d_JaffaCakes118.exe"

Network

Country  Destination           Domain                 Proto
US       174.100.27.229:80                            tcp
US       174.100.27.229:80                            tcp
US       209.126.6.222:8080                           tcp
US       209.126.6.222:8080                           tcp
GB       5.153.250.14:8080                            tcp
GB       5.153.250.14:8080                            tcp

Files

memory/2068-4-0x0000000000260000-0x0000000000269000-memory.dmp

memory/2068-1-0x0000000000310000-0x000000000031C000-memory.dmp

memory/2068-5-0x0000000000310000-0x000000000031C000-memory.dmp