Overview

overview

10

Static

static

3

2c7bad4f4a...18.exe

windows7-x64

10

2c7bad4f4a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-07-2024 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c7bad4f4a4df3025aa1345db27c7408_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    2c7bad4f4a4df3025aa1345db27c7408

  • SHA1

    93d7fe1ec1f49e1e18c052050e7ff5df4bff4b2c

  • SHA256

    b9510e4484fa7e3034228337768176fce822162ad819539c6ca3631deac043eb

  • SHA512

    c23e5d44ca6649d6bb1e227648a6256e9ab81ac4405e748c58bc01105244aa55c3baa592dffe300d4aaafec6663a8cd839e322fd2b3fc98aff117797b0b29d62

  • SSDEEP

    6144:zLkD+fqCNAl8aVuMULdQrdas2gQntcgMly5CjrjZZ6AnR6e:zYD+iCNAl/HULdQrRfQnegMlcCjeAnRv

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX payload 20 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c7bad4f4a4df3025aa1345db27c7408_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c7bad4f4a4df3025aa1345db27c7408_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Users\Admin\AppData\Local\Temp\HID\SOUNDMAN.exe
      "C:\Users\Admin\AppData\Local\Temp\HID\SOUNDMAN.exe" 100 4356
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2908
  • C:\ProgramData\SOUNDMAN\SOUNDMAN.exe
    C:\ProgramData\SOUNDMAN\SOUNDMAN.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4664
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
      • Deletes itself
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4196
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\SxS\bug.log
    Filesize

    456B

    MD5

    f3b1500141e16b0be340e29f9c2c9818

    SHA1

    f2c2a8a5c9ee53ae551e5a8ac5f10e25327f42bf

    SHA256

    831f307c1688c876130a90a1e2e0557b398f8424b40cc04cfdd8cc18ff7d38cf

    SHA512

    95830d229b4ee8d2064b5068f44ce2f1925900aaaf0dc6eadfedd3f9d4b1a9ffc18cf4a57d63a2798710f877f337fb91e66fbacd104cdb0fa4a3c4d9df895af8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HID\HID.DLL
    Filesize

    41KB

    MD5

    89fb8ee88cfd469e14bc7493d78b70c4

    SHA1

    0f431b38ef83728e71aa044b06da6e8f989cfbbd

    SHA256

    a8099c7b3748c3b1bff3cd477f3c29bba86ebb6797a08f89f3a661df820adf51

    SHA512

    2e0f4838d8edc15e11410f23557dd96cf56ec1e9ad649d50314a3715a66d2adbd7de2ecf19c722df2f9833eee5db15db5b3cfa894e9a3a7df8c0abad2725f1ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HID\HID.DLLx
    Filesize

    116KB

    MD5

    bfebe419cf071d70389dd40f511c26b6

    SHA1

    6802ff3f728a0c84c55aea1993101261b84ca839

    SHA256

    58302863ae0df9afd3bd8e2746550bf87531d8729c45bb433ee216c66b953094

    SHA512

    1df5d20eff499150add83444474191527158cc6ab00c67b04ccdb113116689446a2a9bb45e26f99a7e6741093e2026e15dd6c390e962591287c450d2f09883ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HID\SOUNDMAN.exe
    Filesize

    82KB

    MD5

    798c0c1ff4e0fce646ca82ae0379ccb0

    SHA1

    3f65f997f350a59ac67e432092cf7f5cfe94a701

    SHA256

    54d08331f511823755cbbac3aad698bbcdfcde71f47b827dcfc6ada89e753d80

    SHA512

    be7924f6179d774d0e4f91a6f044abbb12e9cbf1e19a49e115da5a2eeedbe4c0b29879cf41008d27d13fdb80963d846527d53721d94668719d1331bf1867de3e

    Download Submit

  • memory/920-76-0x0000000002DC0000-0x0000000002DEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/920-64-0x0000000002DC0000-0x0000000002DEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/920-65-0x0000000002D70000-0x0000000002D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/920-66-0x0000000002DC0000-0x0000000002DEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/920-68-0x0000000001220000-0x0000000001221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/920-69-0x0000000002DC0000-0x0000000002DEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/920-67-0x0000000002DC0000-0x0000000002DEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2908-14-0x00000000022F0000-0x000000000231E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2908-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2908-42-0x00000000022F0000-0x000000000231E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2908-11-0x0000000000405000-0x0000000000406000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4196-44-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-34-0x0000000000430000-0x0000000000431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4196-56-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-57-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-61-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-63-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-55-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-84-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-35-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-36-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-54-0x0000000000430000-0x0000000000431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4196-73-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4196-70-0x0000000000B00000-0x0000000000B2E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4664-32-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4664-33-0x0000000000E80000-0x0000000000EAE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4664-37-0x0000000000E80000-0x0000000000EAE000-memory.dmp

    Filesize

    184KB

    Download