Overview

overview

10

Static

static

3

fa9912b70f...18.exe

windows7-x64

10

fa9912b70f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2024 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa9912b70f8ca3d60f014f941fd10e05_JaffaCakes118.exe

  • Size

    544KB

  • MD5

    fa9912b70f8ca3d60f014f941fd10e05

  • SHA1

    295d5496327b0ceb34eaf045b41488adab30fe73

  • SHA256

    0c136a4c21cec7e7b9d67affe73a0aa858bb115b853df7a2be3bea8221a12345

  • SHA512

    c21a16494eb571e4d415914c4e9547879572ef9a5891086b318b51d0560f21566b5d81a2554054dbe68e37ac1168335d709c3fa0df3575113ca3de58c755c604

  • SSDEEP

    6144:1Tp3XYyIMYUTgOBeWoavwiU+yQ5g22222222222275WYyk:1Tp3XYBUEOBeGwiUvb5WYyk

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

107.5.122.110:80

199.101.86.6:443

45.55.219.163:443

62.30.7.67:443

185.94.252.104:443

203.117.253.142:80

93.51.50.171:8080

139.130.242.43:80

181.230.116.163:80

37.187.72.193:8080

194.187.133.160:443

167.86.90.214:8080

61.19.246.238:443

98.109.204.230:80

180.92.239.110:8080

121.124.124.40:7080

47.146.117.214:80

110.145.77.103:80

97.82.79.83:80

70.121.172.89:80
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa9912b70f8ca3d60f014f941fd10e05_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fa9912b70f8ca3d60f014f941fd10e05_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2356-0-0x00000000022A0000-0x00000000022A9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2356-1-0x0000000002330000-0x000000000233C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2356-5-0x0000000002330000-0x000000000233C000-memory.dmp

    Filesize

    48KB

    Download