Analysis Overview
SHA256
d90caba2afccdde55362caf4ba52e8a40f75b9ded6d0fd421f467486c27d44ce
Threat Level: Known bad
The file fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
MyDoom
Suspicious use of SetThreadContext
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-28 10:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-28 10:39
Reported
2024-09-28 10:41
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2676 set thread context of 2696 | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe |
| PID 2676 set thread context of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\program files\kazaa\my shared folder\Windows 2003 Advanced Server KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Email Spider.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\DivX 5.0 Pro KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\Microsoft Visual Basic KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Download Boost 2.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Microsoft Visual C++ KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Youtube Music Downloader 1.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Ashampoo PowerUp v3.10.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Acker DVD Ripper 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Icepack IDT Gold edition 2008 LEAKED.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\VmWare ESX GSX server keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Error Doctor 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Hotmail spammer bot.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\BitDefender AntiVirus 2008 Keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Adobe Soundbooth CS3.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Boilsoft DVD Ripper 2.82.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\VmWare keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Adobe Soundbooth CS3.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\VmWare ESX GSX server keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Microsoft Visual Basic KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Ashampoo PowerUp v3.10.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\TCN ISO cable modem hacking tools.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Super Utilities Pro 2008 8.0.1980.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Acker DVD Ripper 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Shadow Security Scanner 10 Gold.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Hotmail account bruteforcer bot.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\YZdock Machintos osX like toolbar for windows.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Tarantula Full version CRACKED by RaZoR.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\TCN ISO SigmaX2 firmware.bin.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Microsoft Visual Studio KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Adobe Acrobat Reader keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Email Spider.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Daemon Tools Pro 4.10.218.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Microsoft Visual C++ KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Norton Anti-Virus 2008 Enterprise Crack.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Icepack IDT Gold edition 2008 LEAKED.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\PC Secuity Tweaker 7.6.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Adobe Acrobat Reader keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\Shadow Security Scanner 10 Gold.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Youtube Music Downloader 1.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\YZdock Machintos osX like toolbar for windows.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Daemon Tools Pro 4.10.218.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Download Boost 2.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Daemon Tools Pro 4.10.218.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Error Doctor 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\Windows 2003 Advanced Server KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\DivX 5.0 Pro KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Mirc Keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Shadow Security Scanner 10 Gold.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\VmWare keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Hotmail spammer bot.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\ProRat 2.0 Special Edition.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\SuperRam 5.1.28.2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\YZdock Machintos osX like toolbar for windows.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Boilsoft DVD Ripper 2.82.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Youtube Music Downloader 1.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Windows\SysWOW64\notepad.exe
notepad C:\Users\Admin\AppData\Local\Temp\Message
Network
Files
memory/2696-0-0x0000000000400000-0x0000000000407000-memory.dmp
memory/2696-4-0x0000000000400000-0x0000000000407000-memory.dmp
memory/2696-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2696-6-0x0000000000400000-0x0000000000407000-memory.dmp
memory/2696-7-0x0000000000400000-0x0000000000407000-memory.dmp
memory/2868-8-0x00000000004A0000-0x00000000004AA000-memory.dmp
memory/2868-16-0x00000000004A0000-0x00000000004AA000-memory.dmp
memory/2868-15-0x00000000004A0000-0x00000000004AA000-memory.dmp
memory/2676-13-0x0000000040000000-0x0000000040024000-memory.dmp
memory/2868-12-0x00000000004A0000-0x00000000004AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Message
| Hash | Value |
| --- | --- |
| MD5 | fc0a33038279301d963880966d5365c8 |
| SHA1 | bd4d017ff0f748a21ca170689d1ff26f7e51d8eb |
| SHA256 | f90536fdb1adffefbe6cf596e99bbca70822aa0cbcce3aa6de790a8355a5221d |
| SHA512 | 4766794c0c2a28a0007439324c6a942549b69a9a6e9877e8e7304222b93256149d5ee43276912da0526c6f53b73f76680d88064b4d2a5a89ebf6399381cab6e0 |
memory/2868-19-0x00000000004A0000-0x00000000004AA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-28 10:39
Reported
2024-09-28 10:41
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2340 set thread context of 3204 | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe |
| PID 2340 set thread context of 4556 | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\program files\grokster\my grokster\SuperRam 5.1.28.2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Absolute Video Converter 3.07.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Email Spider.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Super Utilities Pro 2008 8.0.1980.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Acker DVD Ripper 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\ProRat 2.0 Special Edition.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\TCN ISO cable modem hacking tools.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\TCN ISO cable modem hacking tools.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\SuperRam 5.1.28.2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\TCN ISO cable modem hacking tools.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Ashampoo PowerUp v3.10.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Anti-Trojan Elite v4.01.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\Adobe Acrobat Reader keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Email Spider.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Super Utilities Pro 2008 8.0.1980.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Microsoft Visual C++ KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Adobe Acrobat Reader keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\TCN ISO SigmaX2 firmware.bin.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Adobe Soundbooth CS3.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Download Boost 2.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\Download Boost 2.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Youtube Music Downloader 1.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Adobe Soundbooth CS3.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Error Doctor 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Microsoft Visual Basic KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\BitDefender AntiVirus 2008 Keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Acker DVD Ripper 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Youtube Music Downloader 1.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Microsoft Visual Basic KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\VmWare ESX GSX server keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\DivX 5.0 Pro KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\ProRat 2.0 Special Edition.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\VmWare keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\Absolute Video Converter 3.07.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Hotmail spammer bot.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Wow Glider incl serial.SFX.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Adobe Soundbooth CS3.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\DivX 5.0 Pro KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Error Doctor 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite\my shared folder\VMware Workstation 6 Windows keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\SuperRam 5.1.28.2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\YZdock Machintos osX like toolbar for windows.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\emule\incoming\Download Boost 2.0.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\DivX 5.0 Pro KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\limewire\shared\Acker DVD Ripper 2008.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa\my shared folder\AOL Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Microsoft Visual C++ KeyGen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Password Cracker.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\winmx\shared\Super Utilities Pro 2008 8.0.1980.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\icq\shared folder\Tarantula Full version CRACKED by RaZoR.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\Mirc Keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\kazaa lite k++\my shared folder\CleanMyPC Registry Cleaner v4.02.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\grokster\my grokster\Shadow Security Scanner 10 Gold.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| File created | C:\program files\tesla\files\Adobe Acrobat Reader keygen.exe | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fc1e7eba45bb977d149d544c6502ed5b_JaffaCakes118.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2340 -ip 2340
C:\Windows\SysWOW64\notepad.exe
notepad C:\Users\Admin\AppData\Local\Temp\Message
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2340 -ip 2340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 456
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
Files
memory/3204-0-0x0000000000400000-0x0000000000407000-memory.dmp
memory/3204-2-0x0000000000400000-0x0000000000407000-memory.dmp
memory/3204-3-0x0000000000400000-0x0000000000407000-memory.dmp
memory/4556-4-0x00000000004A0000-0x00000000004AA000-memory.dmp
memory/4556-6-0x00000000004A0000-0x00000000004AA000-memory.dmp
memory/4556-8-0x00000000004A0000-0x00000000004AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Message
| Hash | Value |
| --- | --- |
| MD5 | d83640e38f42f94ee7702483b6bf472f |
| SHA1 | 89b8c08e83124fa74f02e0695402d75c11f4612d |
| SHA256 | 22811ecea6680e50ff4adc1d313e852d1a20f75b94a375641cb46d0c7c000edf |
| SHA512 | 1ffe6dc292f6d6765e7318752833aa2452bc96d82ffa31a385e30a6578aae3ae5c0af7b249430d64b052f368abbd7605481bf22d035cb48bc11bdb1173658791 |
memory/2340-11-0x0000000040000000-0x0000000040024000-memory.dmp
memory/4556-12-0x00000000004A0000-0x00000000004AA000-memory.dmp