Overview

overview

10

Static

static

10

d23b32b5d9...18.exe

windows7-x64

10

d23b32b5d9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-09-2024 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d23b32b5d9a1ddb4dace9c7f94f2c36b_JaffaCakes118.exe

  • Size

    272KB

  • MD5

    d23b32b5d9a1ddb4dace9c7f94f2c36b

  • SHA1

    46c595e580719a4c54f55b4041f81d6e50ab4062

  • SHA256

    3c26dd6817e143a4dd61ba134f037537da27d5df532840b721a5656e29111690

  • SHA512

    e1c7498f1a53d4280814e9e59cbbb33228261185c48289c16b554f3139a1404814fe1acd699f6899a0a2933781e87c7c54dea7a7d83a12edd71e46a14a5ed19d

  • SSDEEP

    3072:s/YfCR8cbcx0zQUeGMw70JXiRdTqltV4JNyK5n8Q3nT:sgflCcx0zQC70A+VayKn3nT

Score
10/10
anchordnsbackdoor

Malware Config

Signatures

  • AnchorDNS Backdoor

    A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.

    backdooranchordns
  • Detected AnchorDNS Backdoor 2 IoCs

    Sample triggered yara rules associated with the AnchorDNS malware family.

    backdoor

Processes

  • C:\Users\Admin\AppData\Local\Temp\d23b32b5d9a1ddb4dace9c7f94f2c36b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d23b32b5d9a1ddb4dace9c7f94f2c36b_JaffaCakes118.exe"
    1⤵
      PID:468

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/468-0-0x00007FF7BC360000-0x00007FF7BC3BE000-memory.dmp

      Filesize

      376KB

      Download

    • memory/468-1-0x00007FF7BC360000-0x00007FF7BC3BE000-memory.dmp

      Filesize

      376KB

      Download