Analysis

  • max time kernel
    130s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-09-2024 02:24

General

  • Target

    e3d70dbffda3a5a2c15f50a6d59f6468_JaffaCakes118.exe

  • Size

    667KB

  • MD5

    e3d70dbffda3a5a2c15f50a6d59f6468

  • SHA1

    b97932a6e48d02edbf00d998c460fe71db9790a5

  • SHA256

    a11b78619571cae7d4556be2a2da0b8165054de18b4fcb899df510854dd70b9d

  • SHA512

    83b7d6f5c4f215e710828d2323a3327ad405c1113b8abee09722fe628ec6dc8e71c51cc6416b2080f77427124b0221573d31abf86e0f9025e4900e9545f2129c

  • SSDEEP

    12288:U2JhG//t8C5VCFSoDpaQlHfl6mCiWDaBMFCQoCGsq:U2JC/t8iVNoDgQVN6mCipttX

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

116.91.240.96:80

167.71.227.113:8080

190.85.46.52:7080

162.144.42.60:8080

202.166.170.43:80

95.216.205.155:8080

120.51.34.254:80

103.93.220.182:80

111.89.241.139:80

60.125.114.64:443

45.177.120.37:8080

185.86.148.68:443

75.127.14.170:8080

119.92.77.17:80

203.153.216.178:7080

172.96.190.154:8080

179.5.118.12:80

153.229.219.1:443

139.59.12.63:8080

115.79.195.246:80

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----
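The extracted config above (and the Network section further down, where the first four of these C2 entries are exactly the destinations the sample contacts) is what a responder turns into checkable artefacts. The following is an added example written for this report, not code from the sandbox or from any Emotet tooling. It normalises the C2 list, decodes the PEM key with a minimal DER walk of the SubjectPublicKeyInfo to confirm it is a 768-bit rsaEncryption key with exponent 65537 (the key size Emotet used to protect its C2 traffic) and hashes the key as a pivot for matching other samples of the same epoch, then emits one Suricata rule per C2. The SID range and the "Epoch3" label in the rule message are assumptions for illustration; the C2 and key data are copied from the config shown above.

```python
"""Turn the extracted Emotet config into checkable artefacts (added example, stdlib only)."""
import base64
import hashlib
import ipaddress
from collections import Counter

# Copied from the "Malware Config" section of this report.
C2_LINES = """\
116.91.240.96:80
167.71.227.113:8080
190.85.46.52:7080
162.144.42.60:8080
202.166.170.43:80
95.216.205.155:8080
120.51.34.254:80
103.93.220.182:80
111.89.241.139:80
60.125.114.64:443
45.177.120.37:8080
185.86.148.68:443
75.127.14.170:8080
119.92.77.17:80
203.153.216.178:7080
172.96.190.154:8080
179.5.118.12:80
153.229.219.1:443
139.59.12.63:8080
115.79.195.246:80
"""

RSA_PUBKEY_PEM = """\
-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----
"""

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def parse_c2(text):
    """Return [(ip, port), ...]; a malformed entry raises rather than being silently skipped."""
    c2 = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry {line!r}")
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry {line!r}")
        c2.append((str(ipaddress.ip_address(host)), port))  # ip_address() rejects junk hosts
    return c2


def port_histogram(c2):
    return dict(Counter(port for _, port in c2))


def pem_to_der(pem):
    b64 = "".join(ln.strip() for ln in pem.splitlines() if not ln.startswith("-----"))
    return base64.b64decode(b64, validate=True)


def _tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length (0x81 nn, 0x82 nn nn, ...)
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_spki(der):
    """Modulus size, exponent and SPKI fingerprint from a DER SubjectPublicKeyInfo."""
    tag, spki, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, alg, pos = _tlv(spki, 0)          # AlgorithmIdentifier ::= SEQUENCE { OID, NULL }
    _, oid, _ = _tlv(alg, 0)
    if tag != 0x30 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = _tlv(spki, pos)         # BIT STRING; first content byte = unused-bit count
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("unexpected BIT STRING")
    tag, rsa, _ = _tlv(bits, 1)            # RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }
    ntag, n_bytes, pos = _tlv(rsa, 0)
    etag, e_bytes, _ = _tlv(rsa, pos)
    if tag != 0x30 or ntag != 0x02 or etag != 0x02:
        raise ValueError("malformed RSAPublicKey")
    n = int.from_bytes(n_bytes, "big")     # leading 0x00 pad byte contributes nothing
    return {
        "modulus_bits": n.bit_length(),
        "exponent": int.from_bytes(e_bytes, "big"),
        "spki_sha256": hashlib.sha256(der).hexdigest(),  # pivot for the same epoch key elsewhere
    }


def suricata_rules(c2, sid_base, botnet="Epoch3"):
    """One outbound rule per C2. sid_base is an assumed local SID range, not a published one."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} (msg:"Emotet {botnet} C2 {ip}:{port}"; '
        f"flow:to_server; sid:{sid_base + i}; rev:1;)"
        for i, (ip, port) in enumerate(c2)
    ]


if __name__ == "__main__":
    c2 = parse_c2(C2_LINES)
    print(len(c2), "C2 entries, ports:", port_histogram(c2))
    print(parse_rsa_spki(pem_to_der(RSA_PUBKEY_PEM)))
    print("\n".join(suricata_rules(c2, 9000000)))
```

The DER walk is deliberately strict: every tag is checked and any malformed length raises, so a corrupted or mislabelled key extracted from a different sample fails loudly instead of producing a wrong key size. The SPKI SHA-256 is a cheap way to ask "is this the same Epoch3 key as in other reports" without handling the modulus directly.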

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet payload (3 IoCs)

    Detects Emotet payload in memory.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3d70dbffda3a5a2c15f50a6d59f6468_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e3d70dbffda3a5a2c15f50a6d59f6468_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2668

Network

    All flows originate from e3d70dbffda3a5a2c15f50a6d59f6468_JaffaCakes118.exe (PID 2668). The four destinations are the first four entries of the extracted C2 list, tried in config order; only 167.71.227.113:8080 sent anything back. Byte and packet counts are read here as sent / received, with "-" where no reply was observed.

    Destination            Bytes sent   Bytes received   Packets sent   Packets received
    116.91.240.96:80       152 B        -                3              -
    116.91.240.96:80       152 B        -                3              -
    167.71.227.113:8080    152 B        120 B            3              3
    167.71.227.113:8080    152 B        120 B            3              3
    190.85.46.52:7080      152 B        -                3              -
    190.85.46.52:7080      152 B        -                3              -
    162.144.42.60:8080     152 B        -                3              -
    162.144.42.60:8080     152 B        -                3              -

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2668-7-0x0000000000230000-0x000000000023F000-memory.dmp
    Filesize 60KB
  • memory/2668-4-0x0000000000270000-0x0000000000280000-memory.dmp
    Filesize 64KB
  • memory/2668-0-0x0000000000250000-0x0000000000262000-memory.dmp
    Filesize 72KB
