Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01-10-2024 03:15
Static task
static1
Behavioral task
behavioral1
Sample
042ba463eebf5403058e100707c92c03_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
042ba463eebf5403058e100707c92c03_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
042ba463eebf5403058e100707c92c03_JaffaCakes118.exe
-
Size
525KB
-
MD5
042ba463eebf5403058e100707c92c03
-
SHA1
0f00d4a106020314a4eaaab41cfead4f3ad83f3d
-
SHA256
aa3d28235dd95667ed2480c864887e6b909dc765e46fbf06fd494af4b840fc27
-
SHA512
d19b9e8d40e53232f2d41d02b336746a590180f2ecdd2f75dc5a988a16e3f936406a540974da60b89f5b2d7c06e8fba3c334e8a74ff37d307b6bee9fb8eb706d
-
SSDEEP
12288:rVTZ5PlGQX8tuU2R3xtRe5+nB7+AP6r+EFhxgRKe:pFdDX84U2TtR7nlHvtl
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\wc98pp.dll 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe -
Modifies registry class 6 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ic32pp 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ic32pp\CLSID = "{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}" 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}\InprocServer32 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}\InprocServer32\ = "C:\\Windows\\wc98pp.dll" 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}\InprocServer32\ThreadingModel = "Apartment" 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2552 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe 2552 042ba463eebf5403058e100707c92c03_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\042ba463eebf5403058e100707c92c03_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\042ba463eebf5403058e100707c92c03_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2552