Analysis
-
max time kernel
118s
-
max time network
118s
-
platform
windows7_x64
-
resource
win7-20240221-en
-
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
-
submitted
08-04-2024 02:16
Static task
static1
Behavioral task
behavioral1
Sample
e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe
-
Size
768KB
-
MD5
e667be12287ccb2fddbc1644e0b4ec76
-
SHA1
7b4a31d9d7cef13d648b3fa51c547fcb23c66b8d
-
SHA256
c6145d071ca19409a854d7c94cd3da92a50db5561a747ea29fda9e7a734678f1
-
SHA512
82ecef0e88aca89efac381dde32f201553b8a770e480ba9c851c493fd6fa2e10a4eac933581b0e61269a3f653748a8688c87493a316a3de84ae0081cfaa4cd59
-
SSDEEP
12288:k0B3qFl33VV2yJYhm1M4GBJQnX1cOW1y40KJnmSjLbzAqMCvKOnxEuui:nBKf20wmy4IZv1V06nmSLzAzF8xEX
Malware Config
Extracted
cryptbot
ewadmw53.top
morexn05.top
-
payload_url
http://winorm07.top/download.php?file=lv.exe
Signatures
-
CryptBot payload 4 IoCs
Processes:
resource  yara_rule
behavioral1/memory/2948-2-0x0000000004AA0000-0x0000000004B81000-memory.dmp  family_cryptbot
behavioral1/memory/2948-3-0x0000000000400000-0x00000000032BC000-memory.dmp  family_cryptbot
behavioral1/memory/2948-6-0x0000000000400000-0x00000000032BC000-memory.dmp  family_cryptbot
behavioral1/memory/2948-7-0x0000000004AA0000-0x0000000004B81000-memory.dmp  family_cryptbot
-
Checks processor information in registry 2 TTPs 2 IoCs
Malware often reads processor information (here the CPU name string) to detect sandboxed or virtualized environments before running its payload.
Processes:
e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe
description  ioc  process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe
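The report gives two things a defender can turn into detections: the extracted network IOCs in the Malware Config section (the two .top domains and the payload_url) and the ProcessorNameString registry read above. The script below is an added example, not part of the Triage report or of the sample; it runs a small classifier over telemetry lines in a constructed, simplified `kind|process|target` format (an assumption, not any tool's real export format) and flags registry reads of the CPU name string as well as DNS and HTTP contact with the configured hosts. Only the registry path, domains and URL are real IOCs from this page; the sample lines are constructed.

```python
import re
from urllib.parse import urlparse

# IOCs copied from the report's Malware Config section.
CRYPTBOT_DOMAINS = {"ewadmw53.top", "morexn05.top"}
PAYLOAD_URL = "http://winorm07.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname   # "winorm07.top"
PAYLOAD_PATH = urlparse(PAYLOAD_URL).path       # "/download.php"

# The value the sample queried. Telemetry tools write the hive either as
# \REGISTRY\MACHINE (native form) or as HKLM / HKEY_LOCAL_MACHINE, and a
# multi-core host may show any CPU index, so match all of those forms.
CPU_NAME_RE = re.compile(
    r"(?:\\REGISTRY\\MACHINE|HKLM|HKEY_LOCAL_MACHINE)"
    r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+\\ProcessorNameString$",
    re.IGNORECASE,
)


def classify_event(line):
    """Classify one telemetry line.

    Assumed (constructed) line format: kind|process|target, where kind is one of
    reg (registry value read), dns (name queried) or http (URL requested).
    Returns a (tag, detail) tuple for a suspicious line, None otherwise.
    """
    kind, process, target = line.rstrip("\n").split("|", 2)
    if kind == "reg" and CPU_NAME_RE.search(target):
        return ("sandbox_cpu_check", f"{process} read {target}")
    if kind == "dns":
        host = target.lower().rstrip(".")
        if host in CRYPTBOT_DOMAINS:
            return ("cryptbot_c2_domain", host)
        if host == PAYLOAD_HOST:
            return ("cryptbot_payload_host", host)
    if kind == "http":
        url = urlparse(target)
        host = (url.hostname or "").lower()
        if host == PAYLOAD_HOST and url.path == PAYLOAD_PATH:
            # Match on host and path only: the file= parameter may differ per download.
            return ("cryptbot_payload_url", target)
        if host in CRYPTBOT_DOMAINS:
            return ("cryptbot_c2_http", target)
    return None


def scan(lines):
    """Return all (tag, detail) hits for an iterable of telemetry lines."""
    return [hit for hit in map(classify_event, lines) if hit is not None]


# Constructed sample telemetry (not from the report); only the registry path,
# domains and URL are real IOCs taken from this page.
SAMPLE_TELEMETRY = [
    "reg|explorer.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "reg|e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe|"
    "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString",
    "dns|svchost.exe|time.windows.com",
    "dns|e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe|ewadmw53.top",
    "http|e667be12287ccb2fddbc1644e0b4ec76_JaffaCakes118.exe|http://winorm07.top/download.php?file=lv.exe",
]

if __name__ == "__main__":
    for tag, detail in scan(SAMPLE_TELEMETRY):
        print(f"{tag}: {detail}")
```

The registry rule deliberately keys on the ProcessorNameString value read rather than on the "Key opened" event alone, because opening the CentralProcessor key is common in legitimate software and would be noisy on its own; the CPU-name read still needs to be weighed against the network IOCs, since some benign installers read it too.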
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
memory/2948-1-0x00000000002F0000-0x00000000003F0000-memory.dmp
Filesize
1024KB
-
memory/2948-2-0x0000000004AA0000-0x0000000004B81000-memory.dmp
Filesize
900KB
-
memory/2948-3-0x0000000000400000-0x00000000032BC000-memory.dmp
Filesize
46.7MB
-
memory/2948-6-0x0000000000400000-0x00000000032BC000-memory.dmp
Filesize
46.7MB
-
memory/2948-7-0x0000000004AA0000-0x0000000004B81000-memory.dmp
Filesize
900KB
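The dump identifiers above encode the PID, a sequence number and the virtual address range of each region, so the listed sizes can be recomputed and the YARA hits from the Signatures section mapped onto distinct regions. The script below is an added example, not part of the Triage report; the identifier-to-size table is copied from the Downloads list above, the rule hits from the CryptBot payload signature, and the size-format parsing is an assumption about how the report prints sizes (1024-based units, rounded to the digits shown). It shows that the five dumps cover only three regions (two were captured twice), that every stated size matches the address range, and that the 46.7MB region starts at 0x400000, the conventional default image base of a 32-bit PE.

```python
import re

# Dump identifier -> stated Filesize, copied from the report's Downloads list.
REPORT_DUMPS = {
    "memory/2948-1-0x00000000002F0000-0x00000000003F0000-memory.dmp": "1024KB",
    "memory/2948-2-0x0000000004AA0000-0x0000000004B81000-memory.dmp": "900KB",
    "memory/2948-3-0x0000000000400000-0x00000000032BC000-memory.dmp": "46.7MB",
    "memory/2948-6-0x0000000000400000-0x00000000032BC000-memory.dmp": "46.7MB",
    "memory/2948-7-0x0000000004AA0000-0x0000000004B81000-memory.dmp": "900KB",
}
# Dumps the Signatures section lists as matching the family_cryptbot YARA rule.
FAMILY_CRYPTBOT = {"2948-2", "2948-3", "2948-6", "2948-7"}

DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
SIZE_RE = re.compile(r"^(\d+(?:\.(\d+))?)\s*(B|KB|MB|GB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}  # assumed 1024-based


def parse_dump_name(name):
    """Split 'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' into its fields."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump identifier: {name!r}")
    pid, seq, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
    if end <= start:
        raise ValueError(f"inverted address range in {name!r}")
    return {"id": f"{pid}-{seq}", "pid": pid, "start": start, "end": end, "size": end - start}


def stated_size_matches(stated, nbytes):
    """True if nbytes rounds to the stated size, within half of its last printed digit."""
    m = SIZE_RE.match(stated.strip())
    if not m:
        raise ValueError(f"unrecognised size string: {stated!r}")
    value, frac, unit = m[1], m[2], m[3]
    step = UNIT[unit] / (10 ** len(frac or ""))   # e.g. 0.1 MB for "46.7MB", 1 KB for "900KB"
    return abs(float(value) * UNIT[unit] - nbytes) <= step / 2


def audit(dumps, family_hits):
    """Cross-check every dump's address range against its stated size and rule hits."""
    rows = []
    for name, stated in dumps.items():
        d = parse_dump_name(name)
        rows.append({
            **d,
            "stated": stated,
            "size_ok": stated_size_matches(stated, d["size"]),
            "family_cryptbot": d["id"] in family_hits,
            # 0x400000 is the linker's default image base for 32-bit PE files.
            "at_default_image_base": d["start"] == 0x400000,
        })
    return rows


def distinct_regions(rows):
    """Group dump ids by address range: a region dumped twice appears once."""
    by_range = {}
    for r in rows:
        by_range.setdefault((r["start"], r["end"]), []).append(r["id"])
    return by_range


if __name__ == "__main__":
    rows = audit(REPORT_DUMPS, FAMILY_CRYPTBOT)
    for r in rows:
        print(f"{r['id']}: 0x{r['start']:X}-0x{r['end']:X} {r['size']} bytes "
              f"stated={r['stated']} ok={r['size_ok']} cryptbot={r['family_cryptbot']}")
    for (start, end), ids in distinct_regions(rows).items():
        print(f"region 0x{start:X}-0x{end:X} dumped as {ids}")
```

Grouping by address range matters when triaging such reports: the four family_cryptbot hits are really two regions (the 900KB block at 0x4AA0000 and the 46.7MB block at 0x400000) captured at two points in time, not four separate payloads.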