Analysis

  • max time kernel
    94s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-08-2024 08:09

General

  • Target

    954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe

  • Size

    140KB

  • MD5

    954629ff9ce33078a16400b30a1acbb3

  • SHA1

    76e7361480e9cf653d653d069b6b6b77cbe85d65

  • SHA256

    c62f72ae6e0b0956b2b13bf6d1321a179b174fade0cc68ba837e5d0d83720c09

  • SHA512

    4c43ab8c0985ff6f5d4fbb5273c53801dcd6f0c6f4589a5bb2ad922145837de2322c0282a650f6c3f2715dac4920ac3701fa702783aaece93810fd3b2cd49171

  • SSDEEP

    1536:bQSOCu5ggOcH8nf9sNnTGeZX3OzJsli+j6xqu9jTmdYK92U2ma1:nc5HJHs1ITGk5LLuxmNPW

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%211163&authkey=AN5cqA67ImQCcBA

xor.base64

Signatures

  • Guloader, Cloudeye

    A shellcode-based downloader first seen in 2020.

  • Guloader payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:232

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/232-2-0x0000000002AE0000-0x0000000002AEB000-memory.dmp

    Filesize

    44KB