Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 16:42

General

  • Target

    ebc25e76c2086197bb78897cc6be8642_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    ebc25e76c2086197bb78897cc6be8642

  • SHA1

    329718e87976ed3ccd660f90d36e05ed9bc9c2ce

  • SHA256

    4901c2eb26cc12e6d550d2d266a86b9a850b7d1becfedb1ca991fce14d4d7ac9

  • SHA512

    ac64635e4c6617f3be60fdc2184fd8f743fcc3c1702ceeec6571b62e29787632952210405cac827f7aace8da78c21f33aacd42594078f813860ff06810b28000

  • SSDEEP

    24576:5mUNJyJqb1FcMap2ATT5mmUNJyJqb1FcMap2ATT5mmUNJyJqb1FcMap2ATT58:5mV2ApmmV2ApmmV2Ap8

Malware Config

Extracted

Family

simda

Attributes
  • dga

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • simda

    Simda is an infostealer written in C++.

  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebc25e76c2086197bb78897cc6be8642_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ebc25e76c2086197bb78897cc6be8642_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3432

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\apppatch\svchost.exe

          Filesize

          1.0MB

          MD5

          a469791bbf741a0ec0b7e8d93d01dcfd

          SHA1

          e764c12e0f267aa2f04ed4211bf985f8d8623fb4

          SHA256

          3a242179acd78dd142d3d97e6d57322484f165672955eb46444778d2650c2952

          SHA512

          99a5f72c603f98ce0ea27fd8da073b4c2bf0f017bbb9265f7d1c3f3e9d2ebfdecb544e542ab744dcb8690ca3d5fd1f3d0558d2d1f85bc09d688ff9a1bf40e9c8

        • memory/3052-8-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

        • memory/3432-10-0x0000000002720000-0x00000000027C8000-memory.dmp

          Filesize

          672KB
