Analysis
-
max time kernel
94s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
14-08-2024 08:09
Static task
static1
Behavioral task
behavioral1
Sample
954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe
-
Size
140KB
-
MD5
954629ff9ce33078a16400b30a1acbb3
-
SHA1
76e7361480e9cf653d653d069b6b6b77cbe85d65
-
SHA256
c62f72ae6e0b0956b2b13bf6d1321a179b174fade0cc68ba837e5d0d83720c09
-
SHA512
4c43ab8c0985ff6f5d4fbb5273c53801dcd6f0c6f4589a5bb2ad922145837de2322c0282a650f6c3f2715dac4920ac3701fa702783aaece93810fd3b2cd49171
-
SSDEEP
1536:bQSOCu5ggOcH8nf9sNnTGeZX3OzJsli+j6xqu9jTmdYK92U2ma1:nc5HJHs1ITGk5LLuxmNPW
Malware Config
Extracted
guloader
https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%211163&authkey=AN5cqA67ImQCcBA
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Guloader payload 1 IoCs
resource yara_rule behavioral2/memory/232-2-0x0000000002AE0000-0x0000000002AEB000-memory.dmp family_guloader -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 232 954629ff9ce33078a16400b30a1acbb3_JaffaCakes118.exe