Analysis
-
max time kernel
141s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
08-10-2024 18:09
Behavioral task
behavioral1
Sample
2338cb0d012bb88f75ee87738504eef0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2338cb0d012bb88f75ee87738504eef0_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
2338cb0d012bb88f75ee87738504eef0_JaffaCakes118.exe
-
Size
866KB
-
MD5
2338cb0d012bb88f75ee87738504eef0
-
SHA1
6f8f732dff78a906f5c33facae1dd564a1299351
-
SHA256
8f7a4c15fa3c99b3e4bf0ab4140a5037dd8cc69cd9e189e4399bf290b80d8a0e
-
SHA512
120ff331e5ef6fe6e006eb29513ea34a4832d1976520ca10226339adc72f50c8bcb0a7d02e9940f41d43a83ec3e3ff7095f08216ff38be567c51364f3ca3a51d
-
SSDEEP
12288:udhqt3A9gQBiNHRhxOM6T2XpXFwufBRS5rn6JfXCjUafpVeDQyUXfW+u/oSW6L0:OAquN38jkRRYrnjjUafpVMUXfnuq
Malware Config
Signatures
-
Detected Xorist Ransomware 1 IoCs
resource yara_rule behavioral1/memory/1984-1-0x0000000000400000-0x00000000004DE000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2338cb0d012bb88f75ee87738504eef0_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1984 2338cb0d012bb88f75ee87738504eef0_JaffaCakes118.exe