Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-01-2025 10:19

General

  • Target

    JaffaCakes118_5d40f99bd44202cf637f49a13fe76d1a.exe

  • Size

    200KB

  • MD5

    5d40f99bd44202cf637f49a13fe76d1a

  • SHA1

    88e5c7c10c15d500927da0091751446f98992673

  • SHA256

    6555a628bc538bdf489c973f1834d40fc93b91116cf402242048af64539d3d5b

  • SHA512

    35bf759c931d5220d5e6b4ca07fb890b1f5a3f537632e9c56fc92f396a323afc3649eacb74b74b52f9bf5e8179775e894ba3011f4aee2da6feeed2a82864e987

  • SSDEEP

    3072:21GrvL/iemCekT0f++pbjNfszKp3B4G03PN5jeadkIeeKSr/c11nYpC+31q/aI9G:2AbhQhHNHv0DeNJ

Malware Config

Signatures

  • Guloader family
  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of SetWindowsHookEx 1 IoCs
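The System Language Discovery signature is only meaningful relative to the locale the sandbox ran with (the resource tags above say locale:en-us). The following is an added example, not part of the sandbox report or of the sample's own code: it decodes Windows LANGID values the way the Win32 PRIMARYLANGID/SUBLANGID/MAKELANGID macros do, maps a few well-known LANGIDs to locale names, and evaluates whether a sample that refuses to run under a given set of primary languages would have proceeded in this environment. The exclusion set `EXAMPLE_EXCLUDED_PRIMARIES` is an assumption for illustration and is not taken from this sample.

```python
# Added example (not from the report): interpret a LANGID-based language
# check against the analysis environment's locale tag.

PRIMARY_MASK = 0x3FF   # PRIMARYLANGID uses the low 10 bits
SUB_SHIFT = 10         # SUBLANGID uses the high 6 bits

# Constructed lookup table of well-known Windows LANGID values.
KNOWN_LANGIDS = {
    0x0409: "en-US",
    0x0809: "en-GB",
    0x0407: "de-DE",
    0x0419: "ru-RU",
    0x0422: "uk-UA",
}


def primary_lang(langid: int) -> int:
    """PRIMARYLANGID(lgid): lgid & 0x3ff."""
    return langid & PRIMARY_MASK


def sub_lang(langid: int) -> int:
    """SUBLANGID(lgid): lgid >> 10."""
    return langid >> SUB_SHIFT


def make_langid(primary: int, sub: int) -> int:
    """MAKELANGID(p, s): (s << 10) | p."""
    return (sub << SUB_SHIFT) | primary


def describe_langid(langid: int) -> dict:
    """Split a LANGID into its parts and name it if it is in the table."""
    return {
        "langid": langid,
        "primary": primary_lang(langid),
        "sub": sub_lang(langid),
        "name": KNOWN_LANGIDS.get(langid, "unknown"),
    }


# Assumption for illustration only: primary language IDs a geofenced sample
# might refuse to run under. Nothing on the report page states this list.
EXAMPLE_EXCLUDED_PRIMARIES = frozenset(
    {primary_lang(0x0419), primary_lang(0x0422)}
)


def would_run(langid: int, excluded_primaries=EXAMPLE_EXCLUDED_PRIMARIES) -> bool:
    """True if a sample with such a check proceeds on a host with this LANGID.
    Comparing on the primary language means en-GB is treated like en-US."""
    return primary_lang(langid) not in excluded_primaries


def evaluate_sandbox_locale(locale_tag: str) -> dict:
    """Resolve a resource tag such as 'en-us' to a LANGID and evaluate it."""
    wanted = locale_tag.lower()
    for langid, name in KNOWN_LANGIDS.items():
        if name.lower() == wanted:
            info = describe_langid(langid)
            info["would_run"] = would_run(langid)
            return info
    raise KeyError(f"locale tag not in lookup table: {locale_tag}")


if __name__ == "__main__":
    print(evaluate_sandbox_locale("en-us"))
```

If a sample geofences on language, re-running it with a different locale resource is the cheapest way to see the branch the en-us run did not take.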

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5d40f99bd44202cf637f49a13fe76d1a.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5d40f99bd44202cf637f49a13fe76d1a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:320

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/320-2-0x00000000006C0000-0x00000000006D8000-memory.dmp

    Filesize

    96KB
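The dump's file name encodes the owning PID, a sequence index and the virtual address range of the region. The following added example (not part of the report or of any sandbox tooling) parses that name, derives the region size from the address range, and cross-checks it against the PID in the process tree and the Filesize shown next to the artifact. The input string and the expected values are taken from this page; the name pattern is an assumption inferred from that single artifact name.

```python
# Added example (not from the report): parse a memory dump artifact name
# and cross-check it against the rest of the report.
import re

# Constructed from the Downloads and Processes sections above.
DUMP_NAME = "memory/320-2-0x00000000006C0000-0x00000000006D8000-memory.dmp"
REPORTED_PID = 320
REPORTED_SIZE = "96KB"

# Assumed layout: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

PAGE = 0x1000  # x86/x64 small page size


def parse_dump_name(name: str) -> dict:
    """Extract pid, index, start, end and size from a dump artifact name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16)
    if end <= start:
        raise ValueError("end address must lie above start address")
    return {
        "pid": int(m["pid"]),
        "index": int(m["index"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def is_valid_dump_name(name: str) -> bool:
    try:
        parse_dump_name(name)
        return True
    except ValueError:
        return False


def human_size(n: int) -> str:
    """Render a byte count the way the report does for whole kilobytes."""
    return f"{n // 1024}KB" if n % 1024 == 0 else f"{n}B"


def cross_check(name: str, pid: int, size_label: str) -> dict:
    """Tie the dump to the process tree entry and the displayed Filesize."""
    region = parse_dump_name(name)
    return {
        "region": region,
        "pid_matches": region["pid"] == pid,
        "size_matches": human_size(region["size"]) == size_label,
        # A region dumped from a page-granular allocation should be page aligned.
        "page_aligned": region["start"] % PAGE == 0 and region["size"] % PAGE == 0,
    }


if __name__ == "__main__":
    print(cross_check(DUMP_NAME, REPORTED_PID, REPORTED_SIZE))
```

The range 0x6C0000 to 0x6D8000 is 0x18000 bytes, which is the 96KB shown. Since the Guloader description on this page calls the family shellcode based, a page-aligned private region of that size inside PID 320 is the natural first place to look for the decoded stage when the dump is pulled.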