Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
18-09-2024 20:05
Static task
static1
Behavioral task
behavioral1
Sample
e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe
-
Size
130KB
-
MD5
e9e23dfd49a971a434d8e7d9a02a4d8a
-
SHA1
4637c95879ad125e2caf126a74ebb1ec8c0fadf4
-
SHA256
5f6b98e16d8971675a8baefb3f32cee09b611946196e8cbc51c0364fa516f21a
-
SHA512
ba044875ed06249b3962a785e78fae468f94dde7ac547c809907c8fdcd18eb7e1fa387e5455d904196161f05765309e2d71dbf2b5558ac777261662336109193
-
SSDEEP
1536:ctZUV8GeJ+Bspr7FvXWIDFj8LMIvk2yu7GSPT3MexuvRAE1jWQQPUkXas5COP:SLikpXLDGLMIvn7GQMlRAE1jWQ4as5tP
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2968 e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2968 e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e9e23dfd49a971a434d8e7d9a02a4d8a_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2968