Overview

overview

10

Static

static

3

d03185f82b...18.exe

windows7-x64

10

d03185f82b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-09-2024 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d03185f82b1ed66bd5ba3bf5c73c6ab6_JaffaCakes118.exe

  • Size

    228KB

  • MD5

    d03185f82b1ed66bd5ba3bf5c73c6ab6

  • SHA1

    4597c9c948d334daa6535e70152ee79e16334906

  • SHA256

    bae984ef6a0650c09f889ea10e687cc45192d1505b8c66b4f2bff1fe0ccf6fd4

  • SHA512

    00af1a8e8a5641a94025916f849161adc9f9abeab27556e0b0b702505ce55e57f8dafa2d34caf8249d3175640f7d7f1ba966b75c837804da9f59a923ffddf6a7

  • SSDEEP

    3072:IY7i9P50fPlwpHzAFE4nga4YKO1fUMqKXkbbd4b:TGDNzAZga4nx4a6

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

174.106.122.139:80

159.203.116.47:8080

173.249.6.108:443

104.236.246.93:8080

174.45.13.118:80

137.59.187.107:8080

94.200.114.161:80

37.187.72.193:8080

67.10.155.92:80

121.124.124.40:7080

24.43.99.75:80

75.139.38.211:80

109.74.5.95:8080

137.119.36.33:80

74.134.41.124:80

66.65.136.14:80

94.1.108.190:443

181.169.235.7:80

79.137.83.50:443

104.131.44.150:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d03185f82b1ed66bd5ba3bf5c73c6ab6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d03185f82b1ed66bd5ba3bf5c73c6ab6_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:3000
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4548,i,16315016104747277319,5510969007830467313,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:8
    1⤵
      PID:396

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3000-4-0x00000000006D0000-0x00000000006E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3000-0-0x00000000006B0000-0x00000000006C2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3000-7-0x0000000000590000-0x000000000059F000-memory.dmp

      Filesize

      60KB

      Download