211c37d00b6555ca57c72c779220f31fdb21394436066991149c604487b44991

Analysis

max time kernel
135s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
Size

11.5MB
MD5

399d264c0aa7a682451fb3f6cc3cd38a
SHA1

8065558ba13e129dd5d60e7caae3b7c6ddd3c63a
SHA256

211c37d00b6555ca57c72c779220f31fdb21394436066991149c604487b44991
SHA512

3917e2e008e8af0f928d4e5848fecf80e154d76342d6ec4bf9028ef439c4551aa764f6cc2a928eceecfc720723a381882eacc4950d1b752f6f6f49395bc2a92f
SSDEEP

196608:SsqspL1md8bNAL1OG7mFtE0dXxU6QgWKkgo5mIOE03hQAJ9DAfx8E:SipL1md8JAL1OGCnE6U6WKsvf0RdJlAL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

installstat.exeMeMeLiveShow.exe

pid process

2212 installstat.exe
1672 MeMeLiveShow.exe

pid	process
2212	installstat.exe
1672	MeMeLiveShow.exe

Loads dropped DLL 7 IoCs

Processes:

399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exeMeMeLiveShow.exe

pid	process
2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
1672	MeMeLiveShow.exe
1672	MeMeLiveShow.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\UninstallMeMeLive.exe	nsis_installer_1
\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\UninstallMeMeLive.exe	nsis_installer_2

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

MeMeLiveShow.exe

pid process

1672 MeMeLiveShow.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

MeMeLiveShow.exe

pid process

1672 MeMeLiveShow.exe

pid	process
1672	MeMeLiveShow.exe

pid	process
1672	MeMeLiveShow.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe

description	pid	process	target process
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 2212	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	installstat.exe
PID 2224 wrote to memory of 1672	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	MeMeLiveShow.exe
PID 2224 wrote to memory of 1672	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	MeMeLiveShow.exe
PID 2224 wrote to memory of 1672	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	MeMeLiveShow.exe
PID 2224 wrote to memory of 1672	2224	399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe	MeMeLiveShow.exe

C:\Users\Admin\AppData\Local\Temp\399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\399d264c0aa7a682451fb3f6cc3cd38a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2224

C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\installstat.exe
"C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\installstat.exe"
2⤵
- Executes dropped EXE
PID:2212

C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\MeMeLiveShow.exe
"C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\MeMeLiveShow.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\config.ini
Filesize
24B

MD5
5def4998d7ca032528d0ff2dabd416f1

SHA1
50d73e9ed412cf47dce51f6fac013b38e9f89b0e

SHA256
fc4a84b90d21349f3c6964623bb4ef4c0799ca7387a5f442a601cf80a3e15b20

SHA512
50d3913f005ede171719721f5173833b67f44792fadc0ec5ebdd1e069f88acba92c9cce3c2925cccb4c14f06ec931712d502d1c8f2a19cdf02b6a6801f1d1e66

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\close_btn_normal.png
Filesize
1KB

MD5
30529fb781d24f3e549293d3b6e1b21a

SHA1
22bc1b1ab68724d2c0b1ed81a5b012c658125a34

SHA256
666103a64e17a51b0dde2059b453c5954e01b73b777a4989be667d6df66c35dd

SHA512
c69a5fe1b8272c2cc7c9a83b3a999df288657fc478f0d49a57f5d61b2cc36f917083e4f12243f679de2a64169a12a8c28e5bda753f9323ef381387a34ee30393

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\fav_tab_selected.png
Filesize
15KB

MD5
49ccb1c7f0753857a52b81e6c284712b

SHA1
0099aec9f8121c6edf99bef990b90a8b7e974be0

SHA256
dad0700d3774bfc875905e382dbcf94b7dfdd8b849a93468e19ce613d0a4c201

SHA512
6cbaa08963e33e828ccb45f490d2b1777bdafa4cec6b9de519300289b3bb1d433e4644c1f4a5a4a9c5fe03805acdf31068aaf0f534d784e33a05da84df137867

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\history_tab_normal.png
Filesize
16KB

MD5
4b7a416325fabd275760da180cb08886

SHA1
fd8bc76f8a5278f3d846650ebb5b9f0bcf003ee9

SHA256
b35d420a8960654236007ca7ceec53d6b6c6fcc6a510bbb8a807cf6ce1b9d363

SHA512
9476673f53b8e6ae08560179577679d993a33d3afea30c95af259d74e548ff42082e5f252c765372c4678cb0be39f2331a6584fd3aac1f37113a652a8e15f684

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\list_empty.png
Filesize
9KB

MD5
281e8678954b203c734d439a172b2245

SHA1
d4979652c890a8940e65ba0451aa35e142b2e536

SHA256
b63be4422825926a9ad98649ef63a313f1807a363588e08d1ccc9849089782f7

SHA512
9ea4c862f40336a1b57c27fe1c22fe00ac24e35b94c3deb12054fc6ee06dba877dd6688603b9fc5f6680eb68eff6f4fe99ebb82a2978133081e775f02eb2b3f8

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\logo.png
Filesize
4KB

MD5
5c5ea3f39008123df0bc8ce3b6ffd60c

SHA1
3659754a72773a3a8602220032d528bea1e5814e

SHA256
8de7b82d9d73deda4638e7e135105c1717cd6619519e100725777ad396d74433

SHA512
00a6eb8939be636e7344fa0e61fc37f8cea9fcb3d662d5ccffec3386d196a29ea22d99f2e32700e84242f5ed5718ae72791f5432a01027bc653f8626ae295218

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\max_btn_normal.png
Filesize
1KB

MD5
875370b286768d7f6974668e1a8b59bc

SHA1
32228b3e455cebff22fe4b735c70603326b1b71b

SHA256
94a05f763d6a6413f1e55795dc393453cdcfb735d6460dba2a154f3e452b0646

SHA512
0ae65ca983c9043bb7b50f12df9d6c5b9c4889a24897a4e97406de39087de273dc3a777f9213fcc3acf3816b5033b5dd34fd1b84a2310be2de0c69bb4780dba3

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\min_btn_normal.png
Filesize
998B

MD5
d68036dcca527ec11af0ab54ed8102d6

SHA1
58425f817eb50884e37e9af00bfa53c5baabf85e

SHA256
cc4e21468319b7e11eec070617373ad640fae6934742997daec582a84978cd5e

SHA512
44359d8f7189e5538fac70c74db12410fa56484b3b49c0b769c62347b94fb097c1503f8164ee8a920fde0a5c66c880a92f44847daa679a557a25351f98e294b5

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\selected.png
Filesize
2KB

MD5
2b3774853e8532a709d8491370554ed0

SHA1
cb0ed6fe967d2a42139cbc9afb38ae28af5947d2

SHA256
7de77b3827168b48c9b9885903fe5278efd327e192bf51664c3f3616db7e5b2b

SHA512
5a54b3c6eed83ceda36a12021b994dd5826416cbdb9f7ca52a1a9abbbf293c8441faf68ab547dd03e2d5b3a8827141e2b4277743e25639cdd064583338e56711

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeImgs\setting_normal.png
Filesize
511B

MD5
575689a022d8ebea10c3fb6356babbd9

SHA1
0a1f7a94bfd6840a02807d1c2ef2ea2307ff589b

SHA256
751d96d02b22dc0b06fef3b67e80323ce71d827bfa4d9f4bf40d04b9373b9c3d

SHA512
f650a055d6681df20c565631028a93cb8178fecfc51f9b25a0d6567652c687248ae0fe1c01d1a7514414e49bb82225deaab908c9fa8d19ce875c0b61866a0b6d

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\MemeMain.xml
Filesize
14KB

MD5
7d7532717ec5e1ab3f175190bf4f961c

SHA1
fb148f9f6ac822ffa180fb3eaec45f7b8fc19a39

SHA256
c9ee6d52d34997ecc6d3b7d12506cb26249066507adbd842a8b4ba9facf95f77

SHA512
2a14eb31c06cf5ce99f236383cb10810dade66b0bd0a0f24b6f133eff0929bde6b06ee7b7d2afc6870a25955697c0256de94b5e9673433b97bc342017d1a7b5d

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\imgs\shadow.png
Filesize
42KB

MD5
c0be32678b67b10a64360e2e0fe88324

SHA1
a215561be02ec976e5bf5267d3f955ffbcfdd74e

SHA256
7627d70572b6303ccdc0c2f6e2e5034f1495d5739f9211b1065b65feb52d2f4d

SHA512
68c864f4c4f4b8646c422ab5efa72961a637ac2637454b40f1adabedb0eb091c7acf2e696b5665e948d6c33bc358908e933de63919fb6e97c756bd062f9dbcd7

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\skin\res.xml
Filesize
1KB

MD5
5c40f054143cf176a1cf63521f83abdc

SHA1
54a4df9a4d7bcc5fd25f427eeae3bfb55aad279d

SHA256
e58bb1fa0a5e04104c97b63b5c8d26173aba4c55a917188f10db602be3c229db

SHA512
d5a1ebc19114b9ba27e7d7ba98a8f498923c265b7699785792fc653802bf380e53d9d86fe1245bdb86559d03108b168c5f56fe8e6bcf372915f6bf18a87368c7

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\ver.ini
Filesize
51B

MD5
93f1e91bebfa331f5350321a3bbb4608

SHA1
87666e9b4d4ecf4bc9f4ec57cb0de2ef9219f77b

SHA256
88386c05f96b2678786292a20d6881282c93153e89df7fc474123868c3ded8e7

SHA512
4eba8777a14dc7afcc0c2067a5da1f8f46a21c226376a748eb5e280a7a31e7c330a09359b7cb67ed45b229d79af6200507ecc3064cc45bf720b64f80209763c3

Download Submit
C:\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\wke.dll
Filesize
11.2MB

MD5
da51b7b21ec3208b36a7b3e8bcf8a88d

SHA1
53393c21ea8b1d30e3308acc50c23f055c631cc5

SHA256
c21c88944d30d2b4396586bb78d65a7d2c0aa0e9049b5a1b622d3d57cb94bc22

SHA512
7d4d93ef684cfafba5c90624ebbd739d8314a933a16aec6bb27f42226ede3428ca48849765d8a34d59b98c76a8a5993840c04a6b8fa2a18797bb44e35572921c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Ã´Ã´Ö±²¥\Ã´Ã´Ö±²¥.lnk
Filesize
1KB

MD5
c38f22e84610ffe4e7bc259a2e8c1309

SHA1
9415f19b8e07385612b7356025484e1f1b5347ac

SHA256
69358b828c922d48e4adc73a80c415beed5010602441f14c32fd0f112ddbc421

SHA512
c704fc6b0ee9b1afb426108d3ffaa176d3d75dfe2a9f6bbaa8a8ba717b07422aef85655f953851e158be7f366f3aed450d21c60d02847ae9726606993530d671

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA46C.tmp\System.dll
Filesize
11KB

MD5
375e8a08471dc6f85f3828488b1147b3

SHA1
1941484ac710fc301a7d31d6f1345e32a21546af

SHA256
4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78

SHA512
5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8

Download Submit
\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\DuiLib.dll
Filesize
945KB

MD5
753a6bad1d1496933feae090b79c8658

SHA1
3363a1aef6650b156191d2cf4d6270715d142000

SHA256
c0385fa6e91efc54c7fdfb05010f468eb1adff21b9dec367b21582d4cb07452d

SHA512
3ec3e063cbc54783eac9cb9d5f6f9e5e797d63389367cb5a6c745394cb8ae1022e188bf6e5706d872d6948028d646fbe905adebffb20599784264451ec165607

Download Submit
\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\MeMeLiveShow.exe
Filesize
992KB

MD5
f8c15dc56faffdc96995129c1a30c794

SHA1
cbe00d7f50b596b9c958fc951b64da30e283d6e6

SHA256
f85049ff4a1acde8021902fa51b7d7f3bd42df8ce9b8c3be49362516cbe7a2b5

SHA512
45ae09c9b604a9c6d9ba3afdf5f145ff2c73a9f96f7e2cdf7c9832a3629f93e1086bfec98d8c4001a8c7be3f39977b62178ce08baa05db9ca0b5f3f18b68be0b

Download Submit
\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\UninstallMeMeLive.exe
Filesize
394KB

MD5
5b4c0f4589753cf28114c0cf73a729a8

SHA1
aeaa96eff6b4a43c0761b418119fb0fb96aa5073

SHA256
a186be7d61b6ac54de13410110086f81fdded6987182d15867cb45a104c236cc

SHA512
c343835c4cc5d9f6a3b4cea080e4d592f83563966b65e978aed5c93a5b9891eb97a246b1b36e68ec911142a903f8156d2f8340c6a1c50a7294b61eaf5e14d8a4

Download Submit
\Users\Admin\AppData\Local\Ã´Ã´Ö±²¥\installstat.exe
Filesize
143KB

MD5
3b33ffd1ef0c8f6e10faea3ed9cf7bc2

SHA1
1229b115c2ef007bc6e02ec38bd8cb3a3435503c

SHA256
dbf89b2db9cdcbfbbe372eb36acd2627184cea76210292c8033e359d5d98ad37

SHA512
035b7530a6ade7956d1db671ff4f3364c238efdf60e28a0948976523703d63a6883235650659a7364f87457f92b0b23afe150b4f26aaddc98631d7fa8e5ad717

Download Submit