Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
14-01-2025 10:56
General
-
Target
JaffaCakes118_3be07720d75271452be60d7ea80d508a.exe
-
Size
177KB
-
MD5
3be07720d75271452be60d7ea80d508a
-
SHA1
ce8685fbc1a0ef90eab3911b64e3cfebd60238c2
-
SHA256
2125a1e00be1bd129634cdd69d9540a4c49ae1864702547ada32ec70da42c95c
-
SHA512
375a01be852e44e3025b06f6cc58902fd12f465c028cdbe28e537218b27e00ce81fa6c038c13aae49632a1e3aea1229086dade40721f509c9f022794113af897
-
SSDEEP
3072:AWdbPR3RVFNvm8L8ds89HNnXbIygHVP3txJDnWUUXK6sAkqOjwPp1ipLitl9:XhPRH/vfL8dV9HNMygHVPrVWUUXK8kqt
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 6 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3be07720d75271452be60d7ea80d508a.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3be07720d75271452be60d7ea80d508a.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3be07720d75271452be60d7ea80d508a.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3be07720d75271452be60d7ea80d508a.exe startC:\Program Files (x86)\LP\F9DA\348.exe%C:\Program Files (x86)\LP\F9DA2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3be07720d75271452be60d7ea80d508a.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3be07720d75271452be60d7ea80d508a.exe startC:\Program Files (x86)\92A7F\lvvm.exe%C:\Program Files (x86)\92A7F2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
996B
MD511fd5bc962f6f776ae2c842c30b4cc7a
SHA146ae977176f4a3c180df5ec00b9b91528b75f923
SHA256ab12721337ee068ff1dc7aaae0f3bdc82317e604b0668a55224fa8388ceac83e
SHA5122ffecb24bb1b2a94fd93ed0f34ba2ec33998f9f431e50120f6b140492dd1c54d712103f24b4d910a2c5cc736f32f4ac868dbae25666b0a9c233f9ef26ccb4072
-
Filesize
600B
MD5e74acae5634f51fa12ee429b6df95942
SHA1f19c5fcfd60da0bf48f223e5166cab6339fa2cac
SHA256931277106c9f82c9553933de7832e17cb45fbfdc4fa8b1c962db367295ab1a6c
SHA512e3a47cde9ee72570fad3f222c532907735d44b63259dc11fd9c2aa3731bba1e72d7af1569f3a8f8b94a011de57e2bee12932bb2fb2793685632caefeb6187875
-
Filesize
1KB
MD5e27b80442751eae4183fff20cdadbea1
SHA139b5f0f943143c86a401287a8a35755a5710ce3a
SHA256aacca25c8d09b485ffbee7794e4da463170eddc54c92a32cae48e4b0251c998a
SHA51245cd867eec56779455fffc51b30da753f89c1ffe6e229b726c4baaad05119d953dc75f7bb45a79782b7287ab8c45084c917aa9c652ddf359351c5f9287792505
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB