Analysis
-
max time kernel
135s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
28-06-2024 10:55
General
-
Target
19dbe94b766de8c0d6d2fddb3583a8a5_JaffaCakes118.exe
-
Size
52KB
-
MD5
19dbe94b766de8c0d6d2fddb3583a8a5
-
SHA1
38fc91c4d421bc31014197f41c263a036a72af04
-
SHA256
604e264d21abd35ab5bd848b647d03eec183e34d813352a5734c4dd3063ba22f
-
SHA512
64e2f379d0bf232fec9de814e722036b536b0427321c59dafd32496de049815ca79df54d367d71588b1119ad0973f990d7292579e7e5426259124c1037dd0b86
-
SSDEEP
768:dMnHTMEGGzlAE37TPNedqVxKdHKYGmeyvhicia0j:uQEGG57TPduHTsPT
Score
10/10
Malware Config
Extracted
Family
guloader
C2
http://www.guardarunners.pt/wp-content/Host_IkaBCwUo229.bin
xor.base64
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\19dbe94b766de8c0d6d2fddb3583a8a5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\19dbe94b766de8c0d6d2fddb3583a8a5_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3908,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2060-2-0x0000000002210000-0x0000000002219000-memory.dmpFilesize
36KB