Analysis
max time kernel: 139s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/10/2024, 02:39
Static task: static1
Behavioral task: behavioral1
Sample: 4b0fae714497cb3a60037e8f543d8ae9_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4b0fae714497cb3a60037e8f543d8ae9_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Behavioral task: behavioral3
Sample: wy.exe
Resource: win7-20240903-en
Behavioral task: behavioral4
Sample: wy.exe
Resource: win10v2004-20241007-en
General
Target: wy.exe
Size: 1.9MB
MD5: b18c3fbda7f860cacd7009ca0b0a50c2
SHA1: 2a5ee5d73b29dc2e072b25192acdf18931acc1c8
SHA256: 5850211530459f873ca0310c2221e113580ddc51bc2a211fd5d62d3c1f9834eb
SHA512: c9bb7421c001d45f2362199b2ec6f6cd7f0a59a62ecbcd870212f32f2e2f9e21b95ccaef5ef085737bf94229f404c3e72146bfa49de69a2714593158658ef667
SSDEEP: 12288:8gKkcfmINnWutwH1CBRwJOUCC4YNe5O/GtFatedo/awd7Z0/:5imINDKVnOTC/M/Hatedo/bE
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: wy.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
pid: 3564, Process: wy.exe
pid: 3564, Process: wy.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 22B
MD5: 3cae722a37d3cffdf71647fbf7b50f56
SHA1: 44906fea32090d13b297a32f1141aa101a14d238
SHA256: acc9689be70a19f34911e0505a8c96df28e50365df419e543fbba28531e4341c
SHA512: d58698799af977335e2c7bc3284905bd8e684e4fd4dc00f29537a9e5f1019e4ca94a404c7760e5650d45de921513bf7c4eaef833f76228b722b966de7edf8639