21cdf5a02f664df155c15285f3d7084f4822bf381ee10e2e65545290dcbee480

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 00:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
Size

367KB
MD5

fb2a5815c4ca48b02dbff024019df607
SHA1

61827afa83389e1500543ae98a54f87726da1018
SHA256

21cdf5a02f664df155c15285f3d7084f4822bf381ee10e2e65545290dcbee480
SHA512

69692f1c34bde7c13b010578451977bc070d5e214ae6ad5f0d43250bca42afb615223fc84181f48b23b6b9b2409113dc38bd8636867aa08abfb3a6308bc652ab
SSDEEP

6144:0s+CUVwmqCBjbRVa5z7aMLZQ/IN5YQX25a0YosCZ2HPu04JPpEBrlvGJxpRsGKde:XUaNCBjbyz+u0IUYj/osVHPLUSBrlKFX

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2264	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Gun Griffon Blaze.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Moto GP.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\PlayStation 2 System.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\X Squad.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\SSX.TXT	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\X Squad.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Jikkyou World Soccer 2000.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\DOA2 - Hardcore.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Fifa 2001 Major League Soccer.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\Uninstal.exe	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\README.TXT	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Unreal Tournament.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Ridge Racer 5.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Silpheed - The Lost Planet.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Kessen.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Dead or Alive 2.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\DrumMania.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Dynasty Warriors 2 .txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Silent Scope.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Dead Or Alive 2 - Hardcore.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Silent Scope.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\LESEN.TXT	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Madden NFL 2001.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\DOA2 - Hardcore.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Sky Surfer.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Ready 2 Rumble Boxing - Round 2.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Tekken Bowl Tournament.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Tekken Bowl Tournament.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Gradius 3 and 4 - Mythology of Revival.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Street Fighter EX 3.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Orphen.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Smuggler's Run.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\myini.ini	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Summoner.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Dynasty Warriors 2 .txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\ESPN International Track & Field.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Midnight Club - Street Racing.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\uninstal.ini	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\FILE_ID.DIZ	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Eternal Ring.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Fifa 2001 Major League Soccer.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Sky Surfer.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Tekken Tag Tournament.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\FILE_ID.DIZ	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Street Fighter EX 3.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Shin Sangoku Musou.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\PlayStation 2 System.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Armored Core 2.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Silpheed - The Lost Planet.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Gun Griffon Blaze.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\LESEN.TXT	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\SSX.TXT	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Dead or Alive 2.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Ready 2 Rumble Boxing - Round 2.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Gradius 3 and 4 - Mythology of Revival.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Armored Core 2.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Jikkyou World Soccer 2000.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\ESPN International Track & Field.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Shin Sangoku Musou.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Kessen.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\Uninstal.exe	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Madden NFL 2001.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Midnight Club - Street Racing.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
File created	C:\Program Files (x86)\Cheatbook PS2 11.2000\PS2\Dead Or Alive 2 - Hardcore.txt	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb2a5815c4ca48b02dbff024019df607_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Cheatbook PS2 11.2000\uninstal.ini

Filesize
4KB

MD5
d9218dc085a114d9e5bcf47192ff5517

SHA1
ad38e177816ce4a0536f0d688f3a10305b13ae9f

SHA256
41c992dd2da8d5e480a7191e4c65d6318548f95207c8025e22f5912e5f7f51b9

SHA512
a981fcf877a21e4c59445fc97b19abb55cd41f9b625532a77df0f203e85fc2a751391b768f8c5fee8ec675fd3e66002328735709d76727ebf688526570a6e945

Download Submit
C:\Program Files (x86)\Cheatbook PS2 11.2000\uninstal.ini

Filesize
1KB

MD5
12fbc0f44b0e0674f70000e779320a5e

SHA1
969e39479c340b7781c53f112f8257e610e16bd5

SHA256
e3d0bcfe632ce890f839a46ca12b3454e49f2f6266c93c4ba7694ac9a151fe3d

SHA512
4015cbbf56bf98520028f4ac37c9225d91ab3434762d1cd0210bae5ac4d57f2d4465fa31f48a9c7c6d6165c57000a0a8a338546f8cb7088e2294bd26fa5a6796

Download Submit
C:\Program Files (x86)\Cheatbook PS2 11.2000\uninstal.ini

Filesize
226B

MD5
ebe48e245d10c6db9d8e0b6f7b3a2973

SHA1
f472e303d4d37851e01c57372de1c621a1003108

SHA256
e51b8ee1d7dace3234635692c4801a4cab61a012310bb4e0e2ccd6ebe00d4067

SHA512
3be6709934ae210b0ebd5101ae3b5d30cb273b3e5cb8c7433f2400d79c84dd69bb0cfbbadbc715f897d463412f74fd2818a2ea92fdeaa0a783d3ec7be2eb8fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\instcrin.dll

Filesize
64KB

MD5
cbcdbc81c4b1a044f12322ae0374108c

SHA1
c82ab4930643ed5d9ace189919715f9135277739

SHA256
401bd54a523109fa7e1c97aba658b61a0535ab916297a24ba873c83d4c6dc53c

SHA512
4236d99be009eeaba65cb00aa72b1d8e686d1342a68adb0745b691f8b2c31babc2097a53a480ece74b20a04c1f1543aebbcc4438668e51d0f9810906543eabae

Download Submit