Analysis
-
max time kernel
13s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
25/08/2024, 09:35
Behavioral task
behavioral1
Sample
c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
Resource
win7-20240704-en
4 signatures
150 seconds
General
-
Target
c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
-
Size
6.5MB
-
MD5
c0739326e04d27ac79613dece65ba18c
-
SHA1
a2ce1d814104e4148c0dc10e94d441b640fd1862
-
SHA256
c08d83d6338196cec83e129e24d3f7f26c1973cfb442a4776c064556a4125688
-
SHA512
045c78902d5a04653b34d37da9ae2b279872997ad9f1c46f4f4b3bb57df4aa5b0cefdc58b7151cfe91894e76b0b7b8c0ddad9246c67af64406a25aec7b1a39e0
-
SSDEEP
98304:bV7ku6knsG72oLrvq5jpyI3KNA8694ZLDB/dPuA+F/mG4a5dQE0UwudBCUUyVzJJ:bVTnsGao4dyNhNRhdU/mZa5yE6PuzJH
Malware Config
Signatures
-
resource                                                                      yara_rule
behavioral1/memory/2468-41-0x0000000000400000-0x0000000000F02000-memory.dmp   vmprotect
behavioral1/memory/2468-42-0x0000000000400000-0x0000000000F02000-memory.dmp   vmprotect
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid    Process
2468   c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                               Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language      c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid    Process
2468   c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
2468   c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c0739326e04d27ac79613dece65ba18c_JaffaCakes118.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2468