Analysis
max time kernel: 51s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 26-06-2024 21:43
Static task: static1
Behavioral task: behavioral1
  Sample: 139083be148d63b991b7848b116f93d1_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 139083be148d63b991b7848b116f93d1_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 139083be148d63b991b7848b116f93d1_JaffaCakes118.exe
Size: 108KB
MD5: 139083be148d63b991b7848b116f93d1
SHA1: 8528b44ee3086b209eebdb08c6b3cc5ed5a40fab
SHA256: e0268648dddfc680d9a6a9445b8d7fa07667c42be6ed9dfefaabea1e792e387b
SHA512: 6e3ccb2809108ff0ea9ffb4239371aa5dabadbd710c4af80b9e8975c3aa30b5c410cd0cc94d6a2fa8ae6da368bb9e742d941734d280610979cc8caefffea1a47
SSDEEP: 1536:wq9kCxG1zdcaKw1LCwVa4S49WsSzTdCh+G7qwB:wldc7EuKWov
Malware Config
Extracted: guloader
http://www.aussieadrenaline.com/yh/janomo_iMWOx126.bin
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Guloader payload 1 IoCs
Processes:
  resource: behavioral2/memory/5092-2-0x00000000021F0000-0x00000000021FC000-memory.dmp
  yara_rule: family_guloader
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
  pid: 5092
  process: 139083be148d63b991b7848b116f93d1_JaffaCakes118.exe
Downloads
memory/5092-2-0x00000000021F0000-0x00000000021FC000-memory.dmp
Filesize: 48KB