Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-09-2024 10:31
General
-
Target
f1d688be9e2a5fc6af4c629f52fc9a70_JaffaCakes118.exe
-
Size
291KB
-
MD5
f1d688be9e2a5fc6af4c629f52fc9a70
-
SHA1
1503f5fd7ca00b0c85269102b4478ca458217a2d
-
SHA256
74f09445e1a75b5faa7038d8ab371fd405766dd3d68dcd2eeb4c066e335a2566
-
SHA512
2ee77ce7a61d79fe5332c6b15e8e629f8bd4d9db8bce6aab5e5ab69e30962898a29a2f042531a819fe6aa3810b66983522c6b2c22f97bc47e3c3780fa21df705
-
SSDEEP
6144:4E0E0MKGK8IHE9L2ap5YbaxJaL+1UkQlZciQIRVovmhfSe1v:4E0E0M/0E9L2C5RJ3SksZckRYYfl
Malware Config
Extracted
formbook
3.9
jo
equipoarbitral.info
isoexercise.com
interactivenetworksystems.com
mozexnews.com
vkebfdkg.com
learntoearn.live
quomagazine.com
milkeknappford.com
missdailia.com
basames2009.com
babybirthdaycheers.com
philadelhiaflyers.com
saamcm.net
deyiclinic.com
politicalrubbish.com
1e0eighthell.men
buenosairespadelcourt.com
womenjiao.com
lubb26261.com
bastacasinosvenska.com
Signatures
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 15 IoCs
-
Suspicious use of SendNotifyMessage 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f1d688be9e2a5fc6af4c629f52fc9a70_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f1d688be9e2a5fc6af4c629f52fc9a70_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
3.0MB
-
Filesize
3.0MB