Overview

overview

10

Static

static

3

fac01ac50a...18.exe

windows7-x64

10

fac01ac50a...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    0s
  • max time network
    4s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-12-2024 08:08

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    fac01ac50a6254ed05db034d295ab301_JaffaCakes118.exe

  • Size

    373KB

  • MD5

    fac01ac50a6254ed05db034d295ab301

  • SHA1

    f93bd6f6d9274903a512a7526395de9ff5805b51

  • SHA256

    239b33dea14938ea65420636a8e104208ba81579348482af1f7c7c8911883af7

  • SHA512

    f8f7126c106b649e3ae20be3677a62647ef160d235313c7fbee608af3ccc78e737d89da8ea9d8ec0889d8c514248f475e60450e70e290190fb89d2bc2ad670ff

  • SSDEEP

    6144:2bN8NUMcpstzpvjJ7fRJAfXYgyHskta/zJ9AI1JQ0DUL:FNUvsNprJfAEHsktEuGS0oL

Score
10/10
cycbotbackdoorratupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 1 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\fac01ac50a6254ed05db034d295ab301_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fac01ac50a6254ed05db034d295ab301_JaffaCakes118.exe"
    1⤵
      PID:2108
      • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\bpfull.exe
        "C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\bpfull.exe"
        2⤵
          PID:2468
        • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\2 Gansta.exe
          "C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\2 Gansta.exe"
          2⤵
            PID:1700
          • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\3IC.exe
            "C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\3IC.exe"
            2⤵
              PID:4324
            • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\R2R.exe
              "C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\R2R.exe"
              2⤵
                PID:2972
                • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\R2R.exe
                  C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\R2R.exe startC:\Users\Admin\AppData\Roaming\conhost.exe%C:\Users\Admin\AppData\Roaming
                  3⤵
                    PID:2360

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\2 Gansta.exe
                Filesize

                6KB

                MD5

                bee76c79e2e63e198038e01f0d571038

                SHA1

                fcffdd6bb030f516a46e9d303ebae2ab33af222e

                SHA256

                50a3c7134460bfe5f2840bd8dc957edfaa76da5beaaff70f8da5e0fef80ae876

                SHA512

                dd2e9488ad365c02722e1a2466acffb8beaf4dbb68d7093e01c50cd915418ca0642cb6bdd43f2f2b014455803f3c69dec24ca9dfee11bdf7790379181cd2f6f9

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\3IC.exe
                Filesize

                219KB

                MD5

                db592037b5526080b12b57dde54ccbc8

                SHA1

                8d5472e088c07641e26ade451d251745c7030fd8

                SHA256

                d6b46a9ea3a5843e53e7a90d389f9e6061ebecfb197b7da6248f2876d15d6007

                SHA512

                dd12ee9eb37d59004111ba28c47ff0470e6dbacf047f1af1af99b932ed7172be8cfa3df3f1550eda3d3448cd976395a4a8f46059a094d93be07dfebf8da00b32

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\R2R.exe
                Filesize

                170KB

                MD5

                db5499ebbfe3df8ef3f407422fab6f68

                SHA1

                9fc65b5092099782b80280e6cdaf109a89a16cfe

                SHA256

                f7644bab8ce7f0927f045c6c0ff84cbe45eb471d071c0eada673e9af06e8d7a0

                SHA512

                e132462dd5ac0eb36feb2bd92c004056dc164cd96546455d5202da7621436e06a811d94d8c440e71d429acce7dd8d18bcdf6c92aedc251745bda9342af7aa260

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\nsxB3C1.tmp\bpfull.exe
                Filesize

                3KB

                MD5

                46e07fd3a40760fda18cf6b4fc691742

                SHA1

                53ee1a754bf5e94fa88a6ab8bb6120b4011afcfa

                SHA256

                bd7ca609d2fb63e14d08acab1091579c23e298b4fa2ac1e8d2daaff94fc107be

                SHA512

                ce13f6527cbd13002dca00b71ab38ab12e3f3f7138ada0780ad3f40e7c49946c018a00782ec957b1fd123fb439aabc0d9b3660829dabf10ddcebba08d6e2fbbd

                Download Submit

              • memory/1700-23-0x0000000000400000-0x000000000040A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/2360-56-0x0000000000400000-0x0000000000449000-memory.dmp

                Filesize

                292KB

                Download

              • memory/4324-44-0x0000000000400000-0x0000000000465000-memory.dmp

                Filesize

                404KB

                Download

              • memory/4324-43-0x0000000000400000-0x0000000000465000-memory.dmp

                Filesize

                404KB

                Download

              • memory/4324-40-0x0000000000400000-0x0000000000465000-memory.dmp

                Filesize

                404KB

                Download

              • memory/4324-39-0x0000000000407000-0x0000000000408000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4324-31-0x0000000000400000-0x0000000000465000-memory.dmp

                Filesize

                404KB

                Download