xtremerat | 2acb4f4c525ac40d1c2d70a0c016728c06b603d520eeef60b93a019b092e1ad7

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 01:21

Target

4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe
Size

65KB
MD5

4c39bb58b5938a2721d07a973bdf47d7
SHA1

803e1e0469d93efe8d83b779c495d7e10804af83
SHA256

2acb4f4c525ac40d1c2d70a0c016728c06b603d520eeef60b93a019b092e1ad7
SHA512

ccb3a80941af97c04650a806b99b4cb66ff3c969577ca053ec4b77c22dd6e37b488e58e06761943b5b486e5bba00b0c0bc16ef8b3590419837243d0755a0cd01
SSDEEP

768:N8m1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uW29Ifnc6/yyR+P2ujfriZKPA+7Xo4:psq+QV4rObAdXWpffyD7ozNwi9oAO

Score

10^/10

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/2732-0-0x0000000010000000-0x000000001004A000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2780	2732	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2780	2732	4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2780	2732	4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2780	2732	4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2780	2732	4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4c39bb58b5938a2721d07a973bdf47d7_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 160
  2⤵
  - Program crash
  PID:2780

memory/2732-0-0x0000000010000000-0x000000001004A000-memory.dmp

Filesize
296KB

Download