Overview

overview

10

Static

static

3

8ccdf88570...18.exe

windows7-x64

10

8ccdf88570...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-08-2024 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ccdf8857054fa2efc455b69258956a6_JaffaCakes118.exe

  • Size

    376KB

  • MD5

    8ccdf8857054fa2efc455b69258956a6

  • SHA1

    58bfe73edcb7c862e73bd35c6587ef12497295a1

  • SHA256

    9e30fdfa70ce4289e48461c2862f1806e79633c0416fff1832a30d665ce7c1e8

  • SHA512

    09a90013195ee2e9421681b81da399797de69f7bef96144a47bdc28d015b3b6331d65b7c3438a4ac6f8145181730412f15db39d74fe050cd88adfd5475fd25f1

  • SSDEEP

    6144:jfYte9zBUGBIVKH1yF2idZecnl20lHRxp3g/KzXHwxrE7eMsSgmLVFweF4X3Y:EUFBGVKVuF3Z4mxxmKjQxw73sSgmLVyw

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 3 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Drops file in Drivers directory 2 IoCs
  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: LoadsDriver 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ccdf8857054fa2efc455b69258956a6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8ccdf8857054fa2efc455b69258956a6_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Server Software Component: Terminal Services DLL
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:2204
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Drops file in Drivers directory
    • Deletes itself
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\259628501_res.tmp
    Filesize

    98KB

    MD5

    11c87eb71cfc66f301fc71ea457c8ccf

    SHA1

    8a76ec66dfda3de07a55c483cf8ca899a49128fa

    SHA256

    c543d6db3adb34bf4b6619a1d9a317ad952294174bb12bc55ad2ccd330dbf3ad

    SHA512

    fbabb9889a13524f745c3e0e2ecf35227ed25d8dea1e9f037a48f1fa76d891ca8875a3e28ff2f2cdf38e59e858e28c6575be62c12c825e3979c7595b11647c97

    Download Submit

  • \Users\Admin\AppData\Local\Temp\259628423_ex.tmp
    Filesize

    98KB

    MD5

    453cdd459580ab931813287f3bb170d3

    SHA1

    28d443b1ba4c0a151c8d2516697bb6162d118607

    SHA256

    f410f8fc989b34a8b08585014a08dfb060122f01cc4b4e6d9fbf70a68bd9aac5

    SHA512

    7666319f6ed58261682dab008b194f2dd73c5ededbb86389fe999178b57a028b1888545b51d44d1fa5887bcfabed2c08ade519ebd7fa325767fd7cec858ee423

    Download Submit

  • memory/2204-29-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-1-0x00000000004D0000-0x0000000000524000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2204-21-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-20-0x0000000001F20000-0x0000000001F21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-19-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-18-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-27-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-16-0x0000000000550000-0x0000000000551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-15-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-14-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-13-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-12-0x0000000003180000-0x0000000003182000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2204-11-0x00000000004C0000-0x00000000004C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-10-0x0000000003190000-0x0000000003191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-39-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2204-22-0x0000000001F90000-0x0000000001F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-17-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-26-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-25-0x0000000001F40000-0x0000000001F41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-24-0x0000000001F50000-0x0000000001F51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-9-0x0000000003190000-0x0000000003191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-8-0x0000000000490000-0x0000000000491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-7-0x00000000004A0000-0x00000000004A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-6-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-5-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-4-0x00000000004B0000-0x00000000004B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-3-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-2-0x0000000000480000-0x0000000000481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-23-0x0000000001F70000-0x0000000001F71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-28-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-40-0x00000000004D0000-0x0000000000524000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2204-0-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download