Analysis
max time kernel: 140s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 13-10-2024 17:00
Behavioral task: behavioral1
Sample: 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
Size: 199KB
MD5: 41080d706e41e5eb0c17439592c6832b
SHA1: 2443238a4dff6f53bb0b979aca30c110af067430
SHA256: c09da3226f214911e3a1a9bbd42b98448712d17bb75661c3df26359a2c72c541
SHA512: 4c4ba570b77fd860d6ba2d68c9a62c43ef354c366dc7ef6e32ae97a897003139a505be3a94d6a228496108208030923926af0f26e75ef368ed7c6575e0c48ffa
SSDEEP: 6144:BqXRmS875c1qRTyPlk9RrVbTAJ1/CIJIR5F:mRmS87C10pRrJTAJcyQ5F
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
2648 | 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
2648 | 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
2648 | 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe
2648 | 41080d706e41e5eb0c17439592c6832b_JaffaCakes118.exe