Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 06:39 UTC

General

  • Target

    169082792420e874a70c624ab272fb3a_JaffaCakes118.exe

  • Size

    324KB

  • MD5

    169082792420e874a70c624ab272fb3a

  • SHA1

    1e80f99ace4f9971ecde4064a2e53fc971e60bd6

  • SHA256

    b6b874a0c9a219eb0beb1d09887e78167c57fe4ca746230382a52b574c9da081

  • SHA512

    8605b575c9e4697dafa4404558dc328fa6e356e303d8b7bbb5d1947ba1a6119224c5073d7961a760c2d21bbcf9ae2a2927f0b7a664417242f88ce4ee1dcb01b7

  • SSDEEP

    6144:cMCvF3QG2jgIBVNsY9rgTkTi5xJizjZn5+KzcXY156X6xieJ:cHtgG2jbVNLE7ajZn5+dY1IKx

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Signatures

  • Formbook

    Formbook is an information-stealing malware family; this sample matches its known indicators.

  • Formbook payload 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\169082792420e874a70c624ab272fb3a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\169082792420e874a70c624ab272fb3a_JaffaCakes118.exe"
    PID: 2296

    Network

    MITRE ATT&CK Matrix


    Downloads

    • memory/2296-2-0x0000000000230000-0x0000000000330000-memory.dmp

      Filesize

      1024KB

    • memory/2296-1-0x0000000000400000-0x0000000000880000-memory.dmp

      Filesize

      4.5MB

    • memory/2296-4-0x0000000000400000-0x0000000000880000-memory.dmp

      Filesize

      4.5MB

    • memory/2296-3-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB
