Analysis
-
max time kernel
93s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system -
submitted
06/09/2024, 23:05
Static task
static1
Behavioral task
behavioral1
Sample
d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe
-
Size
100KB
-
MD5
d09d4bd4b4841d24a481c7e7d2b010d1
-
SHA1
5999c9094a82845738715e3c4472bf271543fcdf
-
SHA256
ee1fb909fc5f82f29902b1c182120608742533df913a5e42143eee67d2c13a5c
-
SHA512
dd5337ba5d1014d1541775c6637f6726dbb188c46e93f64d7a5bb3b755f4e30214634356e79fc362e554607fee14fb27bff15771aee8952950ab7b593b3d901f
-
SSDEEP
3072:dR/+tK5p26JqWuDi+MfD6bMNNTgnzl3XzoDJ:dR/+tm22qWuzMG4TMzRY
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid: 1380
Process: d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid: 1380
Process: d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d09d4bd4b4841d24a481c7e7d2b010d1_JaffaCakes118.exe"
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1380