Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-07-2024 18:39

General

  • Target

    42e06d3213f0d6aa88948aae99165f2b_JaffaCakes118.exe

  • Size

    982KB

  • MD5

    42e06d3213f0d6aa88948aae99165f2b

  • SHA1

    9752c143519d8d17276f9da4e338fb9580f3c727

  • SHA256

    7ffcfe208773bc49ef7a0e832fe117592b8eaf83484ebc9cfe9c64eb354aadec

  • SHA512

    10d2bd239e2e019633af58e006d3d9084d6d1128742174dc729a8480b40e2e867cb2ab80c2a9b432fe959ecf294f203449f65b9d0e69ed967c2f1ef95a6d6860

  • SSDEEP

    24576:T77RYU6Z7iYtU+wkxB2ccN+Vrd9dgKUIU1mj:SRZ7iYtIvMpU1mj

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t052

Decoy


Signatures

  • Formbook

    Formbook is an information-stealing malware family.

  • Formbook payload (2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\42e06d3213f0d6aa88948aae99165f2b_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\42e06d3213f0d6aa88948aae99165f2b_JaffaCakes118.exe"
    PID: 2504
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\42e06d3213f0d6aa88948aae99165f2b_JaffaCakes118.exe (child of PID 2504)
      Command line: "C:\Users\Admin\AppData\Local\Temp\42e06d3213f0d6aa88948aae99165f2b_JaffaCakes118.exe"
      PID: 2828
      • Suspicious behavior: EnumeratesProcesses

Downloads

  • memory/2504-6-0x0000000004480000-0x00000000044E2000-memory.dmp (392KB)
  • memory/2504-0-0x0000000073D0E000-0x0000000073D0F000-memory.dmp (4KB)
  • memory/2504-2-0x0000000073D00000-0x00000000743EE000-memory.dmp (6.9MB)
  • memory/2504-3-0x00000000007B0000-0x00000000007BA000-memory.dmp (40KB)
  • memory/2504-4-0x0000000073D0E000-0x0000000073D0F000-memory.dmp (4KB)
  • memory/2504-5-0x0000000073D00000-0x00000000743EE000-memory.dmp (6.9MB)
  • memory/2504-1-0x0000000000E40000-0x0000000000F3A000-memory.dmp (1000KB)
  • memory/2504-13-0x0000000073D00000-0x00000000743EE000-memory.dmp (6.9MB)
  • memory/2828-12-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2828-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp (4KB)
  • memory/2828-8-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2828-7-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2828-14-0x0000000000820000-0x0000000000B23000-memory.dmp (3.0MB)
  • memory/2828-15-0x0000000000820000-0x0000000000B23000-memory.dmp (3.0MB)