b0973be514affc90b3688b682f920971c971ce0ae9fea63ceb4bb8f578af513f

Analysis

max time kernel
28s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
Size

810KB
MD5

fdc40a3afb2ab6e08df0d5ff34b91f04
SHA1

67133afc0af5cb9f43d33b59ac584d3e45f7d693
SHA256

b0973be514affc90b3688b682f920971c971ce0ae9fea63ceb4bb8f578af513f
SHA512

b4b744d1809b766900d261c994c3d69fd257ad44efcb06db6c74de790d7a05a844c05f0504ffa14fbf0cdbcabdc0b4e71bef86830af65151b3035c30329f5777
SSDEEP

12288:3ryF6F/aLMm54G2nCEDzdAgvD9jSG8cyOyG2XCRVtRhnCTBRy8pRYAqN:37ILMm54GXU+M8cyOyGWCpnV87vqN

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\SecretST.TTF	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\bod_r.TTF	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Pipeline.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DissolveNoise.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcor.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eu.txt	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdc40a3afb2ab6e08df0d5ff34b91f04_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
6.3MB

MD5
0ebbfff1771f678db1726070e69012b2

SHA1
e096f1eb5f0a075160ca2a24ed23b611b95dde41

SHA256
14ed9522ac39c634103cf6460aacc01349844f9b6a15636660de385ac435e2b5

SHA512
0fb2b0d985ff79025499c82efbddeeedaba63c6a474aed357ede144082c26733b62feb05c040d0a58830c6a7401fa0a9d9665efbdb1ab7f79cfcfc5e0e26dd3d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer

Filesize
5KB

MD5
6b99099c6a9b959f824e420676fe3dc8

SHA1
ba9e3b5f2f7f710d263272019be5bf5db33bf614

SHA256
34d5d8dc208ef8c73bb46fb3002fa22b8954d52a4e53be3c56b9801aeab56918

SHA512
dfe061ddec4106e68c8ea789009b0e6bf7d27072bebd0bdb724e4ccadd215b9122b04198bbc362753e2b35af16d993ddf89b44b29bb79c0e7a16eeb97f3b3d26

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1756-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1756-32-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1756-610-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download