Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11-09-2024 13:22
General
-
Target
da6f1dabce9dbefb31cf2304265cac72_JaffaCakes118.exe
-
Size
278KB
-
MD5
da6f1dabce9dbefb31cf2304265cac72
-
SHA1
6c50e56261c7548ef49058b33467f31a9004c89c
-
SHA256
4966995948c5710a64d5c8f8d2647077b5caddcd172a0ff49c9b918f687a575b
-
SHA512
974773f84d4e319ca77615b3bfd65d14375a5f4ed1131adda5bfe45f68bfc0072f71ad63265aa9ff008a9771e72df84684008a11cbaf1e9afa338344d23e099c
-
SSDEEP
6144:VVcy1IYDj01I8b/2Hn6hk+53tUZkbMVMBajKvbannnZy:VGCI2j0egJkU3kkgV5jKvb
Malware Config
Extracted
cobaltstrike
0
http://3.3.3.3:89/___utm.gif
-
access_type
256
-
create_remote_thread
768
-
host
3.3.3.3,/___utm.gif
-
http_header1
AAAACQAAABJ1dG1hYz1VQS0yMjAyNjA0LTIAAAAJAAAAB3V0bWNuPTEAAAAJAAAAEHV0bWNzPUlTTy04ODU5LTEAAAAJAAAAD3V0bXNyPTEyODB4MTAyNAAAAAkAAAAMdXRtc2M9MzItYml0AAAACQAAAAt1dG11bD1lbi1VUwAAAAoAAAAbaG9zdDogUWJhbGxSVC5henVyZWVkZ2UubmV0AAAABwAAAAAAAAANAAAAAgAAAAZfX3V0bWEAAAAFAAAABXV0bWNjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAABwAAAAAAAAACAAAABlVBLTIyMAAAAAEAAAACLTIAAAAFAAAABXV0bWFjAAAACQAAAAd1dG1jbj0xAAAACQAAABB1dG1jcz1JU08tODg1OS0xAAAACQAAAA91dG1zcj0xMjgweDEwMjQAAAAJAAAADHV0bXNjPTMyLWJpdAAAAAkAAAALdXRtdWw9ZW4tVVMAAAAKAAAAG2hvc3Q6IFFiYWxsUlQuYXp1cmVlZGdlLm5ldAAAAAcAAAABAAAADQAAAAIAAAAGX191dG1hAAAABQAAAAV1dG1jYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
GET
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
5000
-
port_number
89
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWcQk6EBdEzEZedItvAqhlutbDOFlMiCnFlJ/hVvOnlgAti7Ajc7nBIIglO8czXsKebovdn1SgQlYmc8Uz33yhGK/eDoUFa087YJPocDsul8Jry3oUMHsvq+U8YCT5GvAq7E9bU1QUK/w7AVIQ82fWGRzOABvMPgtNV+7G0ZYgmwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
6.71092736e+08
-
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/__utm.gif
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)
-
watermark
0
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\da6f1dabce9dbefb31cf2304265cac72_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\da6f1dabce9dbefb31cf2304265cac72_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
-
Filesize
268KB
-
Filesize
300KB
-
Filesize
268KB