Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 20-05-2024 03:18

Static task: static1

Behavioral task: behavioral1
  Sample: 5cea902c8da17da7d0ea07d7184d2a2b_JaffaCakes118.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 5cea902c8da17da7d0ea07d7184d2a2b_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
General
Target: 5cea902c8da17da7d0ea07d7184d2a2b_JaffaCakes118.exe
Size: 76KB
MD5: 5cea902c8da17da7d0ea07d7184d2a2b
SHA1: fa31a0212173996194346fc5f19a3264cad6f8b3
SHA256: 581b469f717ea81ca27c80fe622d894a13d0217b44cd2db3197246f52d9256cb
SHA512: 7df3ccdd3a8cbf3646f93d7750de54d818c3f8ab88866572332303ba8184930e7e005a4fb37d4892024a2456fb7b271d4cffd43ec342c522923905a96aaa9114
SSDEEP: 768:7C3ZvaUQaWPQxzX7sFGDQWrXNbIh43tWWC3Zv:7eCQiQxzX7sfSXNbI68We
Malware Config
Extracted family: guloader
C2 / payload URL: https://spiritualfoodshq.com/newcry/augnow_IFFpCD231.bin
Signatures

Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.

Guloader payload (1 IoC)
Processes:
resource                                                                      yara_rule
behavioral1/memory/1224-2-0x00000000003B0000-0x00000000003C1000-memory.dmp    family_guloader

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid   process
1224  5cea902c8da17da7d0ea07d7184d2a2b_JaffaCakes118.exe