5d204814f6dbc7dd2370c5fce6d33726e5c71f46334ae8a177d0bfc1ab6c9c27

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
Size

22KB
MD5

8538a5b14ab4a1eba506891d2ecac7ea
SHA1

51d61be16796e4b6dc399c96b11f522141037abb
SHA256

5d204814f6dbc7dd2370c5fce6d33726e5c71f46334ae8a177d0bfc1ab6c9c27
SHA512

6b2fc7f474ec80a49b0c855d6d6ac5e8b9700c0a0e55ba84692007b20f0f21f7b81afdc2adfbf156e781aaa5689c0fa3638498f68f11bd9cb93c52c1598e594c
SSDEEP

384:oTjh0THDrstsBfhVvml1NJ4I97zi8KuTuKkojGCtLkSusLZ5UYoKN+3dhleGXa3G:62DIUYJ4I9fiPwjGCZkyFBolNhFXwi3/

Score

8^/10

discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\tcpip.sys	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Security Alert = "C:\\Windows\\system32\\wsçntfy.exe"	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wsçntfy.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DllCache\tcpip.sys	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv\Adobe Photoshop 10 full, crack, serial, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\Windows Vista Installer full, working, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\THMBNAIL.PNG\Ahead Nero 8 full, serial, crack, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\Microsoft Office 2007 full Crack, Patch, working keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml\Adobe Photoshop 10 full, crack, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll\WinAmp 10 full crack, patch, serial, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\PREVIEW.GIF\Ahead Nero 8 full, serial, crack, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png\FL Studio 8.0 full, crack, working, patch, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\micaut.dll.mui\Adobe Photoshop 10 full, crack, serial, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwjpn.dll\WinAmp 10 full crack, patch, serial, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\Adobe Photoshop 10 full, crack, serial, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\PREVIEW.GIF\Hacking tutorials.doc.pdf.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png\Microsoft Office 2007 full Crack, Patch, working keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\EDGE.ELM\Ahead Nero 8 full, serial, crack, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\MSB1ENFR.ITS\Adobe Photoshop 10 full, crack, serial, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft Office 2007 full Crack, Patch, working keygen.com\Ahead Nero 8 full, serial, crack, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png\Jaws 5 full, working, crack, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC\FL Studio 8.0 full, crack, working, patch, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.exe\Hacking tutorials.doc.pdf.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\PREVIEW.GIF\Ahead Nero 8 full, serial, crack, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png\Ahead Nero 8 full, serial, crack, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png\Jaws 5 full, working, crack, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\Adobe Photoshop 10 full, crack, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui\Adobe Photoshop 10 full, crack, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\WinAmp 10 full crack, patch, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\Adobe Photoshop 10 full, crack, serial, keygen.exe\Adobe Photoshop 10 full, crack, serial, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml\WinAmp 10 full crack, patch, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png\Jaws 5 full, working, crack, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\Microsoft Office 2007 full Crack, Patch, working keygen.cmd\Ahead Nero 8 full, serial, crack, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\THMBNAIL.PNG\Windows Vista Installer full, working, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg\Windows Vista Installer full, working, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\FL Studio 8.0 full, crack, working, patch, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml\WinAmp 10 full crack, patch, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml\Ahead Nero 8 full, serial, crack, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\Adobe Photoshop 10 full, crack, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png\Ahead Nero 8 full, serial, crack, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\SKY.INF\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\Users.accdt\Adobe Photoshop 10 full, crack, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png\WinAmp 10 full crack, patch, serial, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\JPEGIM32.FLT\Jaws 5 full, working, crack, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\Windows Vista Installer full, working, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip\Windows Vista Installer full, working, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat\Microsoft Office 2007 full Crack, Patch, working keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png\Jaws 5 full, working, crack, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png\Microsoft Visual Studio 2007 full.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\VBAJET32.DLL\Windows Vista Installer full, working, keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\Adobe Photoshop 10 full, crack, serial, keygen.com\Jaws 5 full, working, crack, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\WinAmp 10 full crack, patch, serial, keygen.exe\Microsoft Visual Studio 2007 full.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.exe\FL Studio 8.0 full, crack, working, patch, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm\Microsoft Visual Studio 2007 full.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png\Ahead Nero 8 full, serial, crack, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\Hacking tutorials.doc.pdf.com\WinAmp 10 full crack, patch, serial, keygen.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui\Hacking tutorials.doc.pdf.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Hacking tutorials.doc.pdf.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp\Microsoft Office 2007 full Crack, Patch, working keygen.com	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\MTEXTRA.TTF\Microsoft Visual Studio 2007 full.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\Microsoft Office 2007 full Crack, Patch, working keygen.scr\Microsoft Visual Studio 2007 full.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\WinAmp 10 full crack, patch, serial, keygen.com\FL Studio 8.0 full, crack, working, patch, keygen.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp\Hacking tutorials.doc.pdf.cmd	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp\Adobe Photoshop 10 full, crack, serial, keygen.exe	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT\Porn, sex, anal, xxx, pics, pictures, archive.zip.rar.scr	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MAKECAB.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 756	2680	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe	31
PID 2680 wrote to memory of 756	2680	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe	31
PID 2680 wrote to memory of 756	2680	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe	31
PID 2680 wrote to memory of 756	2680	8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8538a5b14ab4a1eba506891d2ecac7ea_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\SysWOW64\MAKECAB.exe
  MAKECAB "C:\Users\Admin\AppData\Local\Temp\email.exe" "C:\Users\Admin\AppData\Local\Temp\tmp17D5.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\Microsoft Office 2007 full Crack, Patch, working keygen.exe

Filesize
22KB

MD5
8538a5b14ab4a1eba506891d2ecac7ea

SHA1
51d61be16796e4b6dc399c96b11f522141037abb

SHA256
5d204814f6dbc7dd2370c5fce6d33726e5c71f46334ae8a177d0bfc1ab6c9c27

SHA512
6b2fc7f474ec80a49b0c855d6d6ac5e8b9700c0a0e55ba84692007b20f0f21f7b81afdc2adfbf156e781aaa5689c0fa3638498f68f11bd9cb93c52c1598e594c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp17D5.tmp

Filesize
22KB

MD5
fcc97a452184febb400b10a7bd89c77b

SHA1
676f14cb66e5deb801eefc30335ec55534951e68

SHA256
0b2cbb80a6672953b429a93e6eb5eabdf2887c3cfe1411fc25326960e5604496

SHA512
6fa1a09db216a1e02d563f96fce09db51d61df29061fae498df326bbd36c2ad7b9bb7487eca25f8b9fa7d335fc192245aff8d60e761905dd871cdd3f41380fef

Download Submit
memory/2680-1081-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-1042-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-1046-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-1075-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-1041-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-576-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-1775-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-2183-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-2217-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-2249-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-2263-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download
memory/2680-2267-0x0000000000450000-0x000000000046C000-memory.dmp

Filesize
112KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads