Overview

overview

7

Static

static

1

3b608dcead...18.exe

windows7-x64

7

3b608dcead...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b608dcead1bac70579cbdb596ea70e5_JaffaCakes118.exe

  • Size

    407KB

  • MD5

    3b608dcead1bac70579cbdb596ea70e5

  • SHA1

    2cd25d044015437d60e6e83d476608a41ae03e4d

  • SHA256

    6b41e94ca05a282a1270d6128453a10a6ee968764ce637c8f4f18b7cc3fdee15

  • SHA512

    d33af6b22049b58ff564112c59d04a63ab0566a7bc9671797a58261b3ae5aec01c76f39f6b4d46360915ca13e80980ccfa59f170679c91d6fc59a65417f51f6e

  • SSDEEP

    6144:+AP/W6qXvugZwnE8AdIQfn90LKxL7blch+fIraFcXAW3e1QGPoNp:HW64ugZwEldeKxL75w+mUzW3eWGi

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b608dcead1bac70579cbdb596ea70e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b608dcead1bac70579cbdb596ea70e5_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Users\Admin\AppData\Local\Temp\Set9BD2.tmp
      "C:\Users\Admin\AppData\Local\Temp\Set9BD2.tmp"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4908
      • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\SmartInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\SmartInstaller.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4848
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www1.partypoker.com/pam_images/installer/omn.htm?pid=Poker&bid=Party&lid=fr&sid=1
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1736
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:17410 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver16FE.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\BackGround.bmp
    Filesize

    580KB

    MD5

    529238cf64d2a4c3cc4ec8db58872601

    SHA1

    bcc6165c6b68ec30f8be808c54bbb1d89168865e

    SHA256

    23ae0902d20eb1807207c206bcb08648591f0bd6f0a8f4b58caa0c36d095daab

    SHA512

    93119f874917a45c62e69468a103d92b8500b6e081a11e1782a096d0131256efc0b44f1e33c36117196edb172dccbc4ac5a6e30b057e66c283bceea8d246873d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\ConfigParams.ini
    Filesize

    1KB

    MD5

    0c52011551b86c8138bfdcc4ea7851e9

    SHA1

    a52d6c56ae8f7b485bb774c468dc5e5c82425bb3

    SHA256

    0d59a6509b3830c8b8d84930d15cd7827ab14d74e9536e5dd81371e3775ec15a

    SHA512

    7a61f317fbd8dbe3a14c47ae89c49fe248e5691a210c504d7fa7d4285d350832c5133a3354f1fdaf518e7b9b6cf69ce05a3de20d25993c76179c316d2776574c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\Language.ini
    Filesize

    33KB

    MD5

    e010f2c9dc4464772eabe348ba285779

    SHA1

    bc76ce37644dd25f23ce167b65d5cf319fbae762

    SHA256

    9cc28cca78942c7b69b7f7df2715300782a498561daaaef5ecdece9965c5b56f

    SHA512

    b93f425346181e4980b954cc5b5c2d4e5c5ab74a589bceb71b583221127c501d397b0037c0c9dc4bebf34c5546debfa6b42e6aac2bcf20cdf756059ffaf62f8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\Preloader.jpg
    Filesize

    24KB

    MD5

    419bb059b4cd6d29c165d2b546443539

    SHA1

    7cd1a423ea4b66aaea3bd43e3a34816fda5fc118

    SHA256

    655a7381aa59c90f8907bce4847c3ccf01946638377fe01934ceeaac72368cdf

    SHA512

    21894bb6a9453ac6f022521f7ed2dad78479dee51919840a267e2eb943316b40324c1ded1b6560b6a2ce18149529f5e5143043026df93daa7aae4a0a2ac39a82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\SmartInstaller.exe
    Filesize

    356KB

    MD5

    6eea374620c28305d218f7867e663fa6

    SHA1

    f2d0ee1a002372ba7425aa3a1e427b4354d30ea9

    SHA256

    e79f17cd4c3d1c083f0ce0c7c9b904f55fafa2c1a8b795b9c7135500e3c51a26

    SHA512

    15d097be4faa6ada522db4ebccbc546d7911558577bb1beacbae73387aaf4eb0649a12ba45d030892a861578fa86ad43c62f1fd2e04ef61b8270ab14388ad8a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker_Installer\zlib.dll
    Filesize

    52KB

    MD5

    4965107d112666d3835308a831a29274

    SHA1

    50439b99ce525ecb74c554e1dc43ddb39481dfa4

    SHA256

    105280995cd5746078d67b8651dfe4ad2abcd532d7ad528d3100c535b0b538af

    SHA512

    38fa8f0eeadd75bf212eaab458833cfd3445d00f3d77f1f8a86b7c3ba99376231c8b3fc3cfdff6f02f2ca9c90956c76f9055717712d35a7ca7b30172a0010b59

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Set9BD2.tmp
    Filesize

    373KB

    MD5

    ae18f50b7e86fcc6841e7dbe73e2a795

    SHA1

    d68ed337442dce322ac94f7ff1241537bf36b255

    SHA256

    a968d59a151cbee403e3fd5a70abd0480bb9351a1a05e8763759a0a53be57225

    SHA512

    c38d4ce35fe555bc007ce4dbff2419c6fbe03e626758b475b3550387f71a9b77c6938b7c95a45f77711975108008ee7d32cea01992c9f3c1f81ee0a4d2072ba0

    Download Submit

  • memory/4848-23-0x0000000000470000-0x0000000000497000-memory.dmp

    Filesize

    156KB

    Download

  • memory/4908-24-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download