Analysis
- max time kernel: 132s
- max time network: 123s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-08-2024 22:59
Static task: static1
Behavioral task: behavioral1
- Sample: a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe
- Size: 97KB
- MD5: a0465bf4f27b8c4f5604af50926dcc89
- SHA1: 795cfc702138cc9e0a5c78d8cd75d9791bf06748
- SHA256: 2a7777f7596e26c222440ccc449733dd188ba4d3acaf2cb7b89d9de37ebe7120
- SHA512: b66bfba3787f9815bd055ed933c2f99d8529434c2f1248a9001390cfbe98926494bf097e68496cb266b8e5de113238eb4ca21b720ee73159a07396043f8ff9b1
- SSDEEP: 3072:MQFFeza/Yn1SIrFiwTQt3/6Zz/ZuKWDzfu:MQFFo1SI5iwTQt3/acKWD6
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Token: SeDebugPrivilege (pid: 2572, Process: a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 2572, Process: a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a0465bf4f27b8c4f5604af50926dcc89_JaffaCakes118.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 2572