Analysis

  • max time kernel: 148s
  • max time network: 151s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 30-10-2024 13:19

General

  • Target: 7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe
  • Size: 244KB
  • MD5: 7f57583bb712456c4352e068ab6e9184
  • SHA1: 0544387c5a3f5350bb8837bafb3f2663deaeb10c
  • SHA256: ab5a5dd0ed8c853ca132ade226fa80b5241ab688d2b39a19bab5287d653b8544
  • SHA512: d5a467c6f041a7d160c566669fc23558bdedd81e2de251cd2e8a0c4e1c5fe80a22be62086978bcbcf3f3be05562c66e8bf1f0388f4fd1bdb5a5e5e85042e2cd2
  • SSDEEP: 6144:b4xE4GmXC68gQzJnIGhxxjHRgZGXGZwf2XVO6:ES68ZzXvHO5ZW2lO6

Malware Config

Extracted

  • Family: simda
  • Attributes: dga

Signatures

  • Simda family
  • simda

    Simda is an infostealer written in C++.

  • Modifies WinLogon 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe"
    • Modifies WinLogon
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\346.tmp
    Filesize: 24KB
    MD5: a19b22b13067480da79ea9f5e78bbde1
    SHA1: 096d62a600b2ce0a3041c27ca0cf672902c5e467
    SHA256: ca4ff023cc7850a2fbc6426561c4924b3a06fcc276cdc4cf60746c087388d95b
    SHA512: ea6e3c218bdc56d156683c4d024a0c0e00b628af42c9f7fcd837b95aba36a2d452fbe14440654b5c46cc8486279a599a47b69011c1257b44895d67caff761d49

  • C:\Users\Admin\AppData\Local\Temp\396.tmp
    Filesize: 1KB
    MD5: 8aeb3c3ed6df6d1489b61be4bb282c2f
    SHA1: 0eb1fd79669c8b54e338c5cf2145b3fe265c231e
    SHA256: e107d4800424c74a05664fc1660ca9dff83146d4f288dc34ddb03639f5d29267
    SHA512: a802bbefb667190982f6fe67b8cb6c7609ffc439d7edffda20c0de09c99819da1a370aad6bffff51d4fa91d369923d9d44b466040f4f3baad1f2d1e69cde9350
