Analysis

max time kernel: 132s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2024 21:04

Static task: static1 (1 signature)

Behavioral task: behavioral1
  Sample: 713b04e49b72ec3f1c7a565c3966a6ab_JaffaCakes118.exe
  Resource: win7-20240704-en
  Platform: windows7-x64
  6 signatures, 150 seconds
General

Target: 713b04e49b72ec3f1c7a565c3966a6ab_JaffaCakes118.exe
Size: 519KB
MD5: 713b04e49b72ec3f1c7a565c3966a6ab
SHA1: 1dac64da30097ac31736c1529dfcc96604439d3c
SHA256: f00a042bb3aa0fd344f98c2f2f868a70ae5ceeaaead2c66302b9a53199e8f991
SHA512: 103d5562a6e68d47a4aee181e812f8054f1492c5c9d6566a4c3fee1e9d3adaa506182b9ad6d14793fd895ef81d113e18652e878127274c72d181f2b5e36c6971
SSDEEP: 12288:31PdSGXeXBqusYqPB/0oz1xY1Z9CczJgUa:3lvXeXBqpBj85hep
Malware Config
Signatures

Vidar Stealer (4 IoCs)
  resource                                                                   yara_rule
  behavioral2/memory/64-2-0x0000000004080000-0x0000000004108000-memory.dmp   family_vidar
  behavioral2/memory/64-3-0x0000000000400000-0x000000000048C000-memory.dmp   family_vidar
  behavioral2/memory/64-8-0x0000000004080000-0x0000000004108000-memory.dmp   family_vidar
  behavioral2/memory/64-7-0x0000000000400000-0x0000000002273000-memory.dmp   family_vidar

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  844   64           WerFault.exe   83

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                           Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   713b04e49b72ec3f1c7a565c3966a6ab_JaffaCakes118.exe
Processes

C:\Users\Admin\AppData\Local\Temp\713b04e49b72ec3f1c7a565c3966a6ab_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\713b04e49b72ec3f1c7a565c3966a6ab_JaffaCakes118.exe"
  PID: 64
  Signatures: System Location Discovery: System Language Discovery

  C:\Windows\SysWOW64\WerFault.exe (child of PID 64)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 920
    PID: 844
    Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 64 -ip 64
  PID: 3664