Overview

overview

10

Static

static

1

8e4dc96dc3...18.exe

windows7-x64

10

8e4dc96dc3...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2024 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e4dc96dc37e0c882500ecd0983f05fe_JaffaCakes118.exe

  • Size

    73KB

  • MD5

    8e4dc96dc37e0c882500ecd0983f05fe

  • SHA1

    c467a8399c92e0d8ff73f7bad9ea1194cae903d0

  • SHA256

    b4e5c71440c20850e73fbb8e70bb2a8b1c69ba06433f5010ef036361edace8b3

  • SHA512

    4f930ad43d9bcfb6a0a01d7d1d31b059e0eb5d23be2934636abd65a673020200a9afc0a43c46e9af6d1406403543b7c445dbbefb310f149fdbc755f8e3debfeb

  • SSDEEP

    1536:yCaIoX1oYOcbTMV88TXJLEu42EsCGu3SzRO:yCaZ2Yrb0VTXJYWEsCGuiU

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e4dc96dc37e0c882500ecd0983f05fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e4dc96dc37e0c882500ecd0983f05fe_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\nsv6D42.tmp\MSNGamesSetup.exe
      C:\Users\Admin\AppData\Local\Temp\nsv6D42.tmp\MSNGamesSetup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:5048
      • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\InstGameInfoHelperMSN.exe
        "C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\InstGameInfoHelperMSN.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3720
      • C:\Program Files (x86)\MSN Games\AdminWorker.exe
        "C:\Program Files (x86)\MSN Games\AdminWorker.exe" AddArcadeToFireWallExceptions
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4564
      • C:\Program Files (x86)\MSN Games\AdminWorker.exe
        "C:\Program Files (x86)\MSN Games\AdminWorker.exe" restoreShortcutsPathes
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4788
      • C:\Program Files (x86)\MSN Games\iWinTrusted.exe
        "C:\Program Files (x86)\MSN Games\iWinTrusted.exe" -install
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:724
      • C:\Program Files (x86)\MSN Games\MSNGames.exe
        "C:\Program Files (x86)\MSN Games\MSNGames.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3268
        • C:\Program Files (x86)\MSN Games\iWinTrusted.exe
          "C:\Program Files (x86)\MSN Games\iWinTrusted.exe" -install
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:1316
        • C:\Program Files (x86)\MSN Games\AdminWorker.exe
          "C:\Program Files (x86)\MSN Games\AdminWorker.exe" StartProcessNoWait "C:\Program Files (x86)\MSN Games\\iWinTrusted.exe" "-install"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2612
          • C:\Program Files (x86)\MSN Games\iWinTrusted.exe
            "C:\Program Files (x86)\MSN Games\iWinTrusted.exe" -install
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:3168
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2f4 0x474
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\MSN Games\AdminWorker.exe
    Filesize

    617KB

    MD5

    6772fdec98b776314724f63be2f657b3

    SHA1

    6014eb84c278072a501790a9be7c061156c4b824

    SHA256

    8265375aa8916022cddaf5921f034b787416af5be65526f0a15e5791ebd257ed

    SHA512

    0bad9e075ff4df3606ae7efc3ad8e2038e0b7f69379b72bfbe2686ba6d92a7b3251b0cf021af9b9231b60b92d42a0af2f0e8a150e44b5410dab7e4b8b9a2273a

    Download Submit

  • C:\Program Files (x86)\MSN Games\MSNGames.exe
    Filesize

    10.7MB

    MD5

    a723f73cafced792d6b908c70368aa5e

    SHA1

    76725a966bb2f0151f9cbbd7ef41b4aa59255ca3

    SHA256

    79b411d4ec2da73268cf304e5af339544cc516f1b9469a6722afcd72cc9aca1c

    SHA512

    92f49b895638473084cf2c86b94ec414fc8c6ba5a1d0dba2cee999366f4f5983dff4ae986de12ad71591242aa511b732c80e28d58ee9151477e54419b8c92759

    Download Submit

  • C:\Program Files (x86)\MSN Games\WebUpdater.bmp
    Filesize

    47KB

    MD5

    3bef430235c592989ef45d64b8995fda

    SHA1

    0d99277cdeec4845540bcf456531b57e0e939cdd

    SHA256

    624426067e03d13efcfc88d570cc593649b67bafd9bf673ab46046dab00d8d5d

    SHA512

    7dd5904c5ff5680be017238bb3ed96f6652d575d2eb6d85d2a3ac8045c58d836ddca12d73ebab831f22a9b57a0e410c2a56359b5abf567be5ec565a9c781af96

    Download Submit

  • C:\Program Files (x86)\MSN Games\WebUpdater.exe
    Filesize

    671KB

    MD5

    52eaaf6ea657484ccb5cc429c13d7035

    SHA1

    888fd64b7a242abd336556c0c2c302f6a3dc7cca

    SHA256

    af3b16498f5afdb202b0a23ff878fe7a8f63161f7eaa715ea3b45a71fbfa63fe

    SHA512

    43f0774b5e1efed45615743e5fc2396a4e19f74a4869cad7fb5afb80a4133499fe3b3a5610680538f0f3a569831219a2a8fbfbe2166919d0d98ad94ff0e87f3a

    Download Submit

  • C:\Program Files (x86)\MSN Games\iWinTrusted.exe
    Filesize

    218KB

    MD5

    f117e941af67e0c73327b261d03d8293

    SHA1

    c00aa7b9217793451b3cb5658a4f54a313ec2e36

    SHA256

    cf76079b5d416815c3607b309336f5d6801a9953ad3d9d87eaebdffb531b08ea

    SHA512

    1e5383d26544f082a0f7b20f828597c0a7004b7f71af285b40ec241fea739a96459b6899bd36ba5b216012ce87bc7b403797dc5c481aa947a63f26aeea571b1c

    Download Submit

  • C:\Program Files (x86)\MSN Games\pages\blank.html
    Filesize

    104B

    MD5

    9482e5ee38471e5b6a688ad0d02fe6b4

    SHA1

    12dfac1206e34a47b2d3f639106056c9f7ca3e7a

    SHA256

    a655fa3c755d22a5a95b01a91030fe889e8c37e900226a05fc32aebd04fc4e2d

    SHA512

    c8b1ec8ef2d48d3c8d57c2728bb1ae6d150f43bc3ccba063b819ae1e7809331b170fc764d655db5ee11c838cbb74b91abc3abd837d98830589ee5b3aa3e905a4

    Download Submit

  • C:\Program Files (x86)\MSN Games\pages\blank2.html
    Filesize

    74B

    MD5

    90b42fd8e93203218847a3c0a646d377

    SHA1

    0d485e2de867448e4853031d5714942128d92983

    SHA256

    aec450600b1ea9c5cd12a92ff9764092434c2cca7e56c10c7b11a63a13209c5f

    SHA512

    de8ab5192fbb9e1df4f1baa7436f2d21cbb94f921931d502aed87049b46affe2dba1929ef48b528f114722cff7c797d381070b35884f7bea18813df355b0ffab

    Download Submit

  • C:\Program Files (x86)\MSN Games\pages\iwgm.loading.jpg
    Filesize

    40KB

    MD5

    bf7e93622206bd7206494a7b805c0954

    SHA1

    5dec728c393cafd17d55a18501770ce22f16ffae

    SHA256

    cabc0465f851bce0342470e5f4d81a5f4045028d4093d059225b4f76eb6297d7

    SHA512

    f60adc9f8086793070c9fe7b7f1aab75251a4c71622c364ff6fc0e63b5f14da3e56cbca412ce2d80322713d4e4ca6944ede640878f1d115a48b08a891305d9ce

    Download Submit

  • C:\Program Files (x86)\MSN Games\sounds\animation.wav
    Filesize

    77KB

    MD5

    3ef7618619348fbbeca7b0f772be7e5c

    SHA1

    d86829f29c8f22c2d3562269b3d2f0c3b822ad0c

    SHA256

    d361e7b9d8d6e1e3c2b4977f53a06a363183b74796b27cbba2d0277a7e19a872

    SHA512

    b7c339678b214ff57594f02f2953ec762584f8b31644b1f63ac55586423fd34a7afae9c3d208db7caaab6e30bcb806cc9720cdb34c58f466aabad547d3263376

    Download Submit

  • C:\Program Files (x86)\MSN Games\sounds\button_click.wav
    Filesize

    8KB

    MD5

    d5c43fe0fd3f6b5c1d2d96ef21834f9d

    SHA1

    f8e36c4fe187396cec014bb2e733d953b3a76fdd

    SHA256

    ed0c4264b99666a9e59299097c2acc7549dcf7e896c2a7584d65a616aaa415e1

    SHA512

    e629e4cab48e75c35dbbb33b427c31babe814ecadf4357695e7bb3370ca838005c9c156a3dcb79f574cfd4b05b4fa6b55c991f249d9f3b6b072c3d87468c04cc

    Download Submit

  • C:\Program Files (x86)\MSN Games\sounds\start.wav
    Filesize

    57KB

    MD5

    94ab5e493c7fd8358c9a893d0a108d5f

    SHA1

    5dd41e775bb246ee33cbbb6bbf1a4a6b65da1173

    SHA256

    54e995d1600802e1dccb785ba3ea20d14c85b54e70c397d48074135f2c731b4a

    SHA512

    f95197a3f28d57c77ad4f40346d941ce075e83bec79531eb7000b981f9587f0ccbe962edb11390c4a122386666e0665f1572091489338760a2dcd2bba0113164

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\GameuxInstallHelper.dll
    Filesize

    94KB

    MD5

    4d3ac88054df63fc810427bdaa96c458

    SHA1

    e4d554e03ba91f6b53a2a80253b339f56e303c94

    SHA256

    b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6

    SHA512

    d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\InstGameInfoHelperMSN.exe
    Filesize

    455KB

    MD5

    0025cd88501fa44e826bc9ed4bdef2fb

    SHA1

    c1a5d54809ba50bea7c4cac90563eb50b1d973ab

    SHA256

    f26ccc52aee7f6949d33a8c5eae4829bf94ad338765b04b68214cb5f375d5d59

    SHA512

    96a78d4d84fa9aa74f7791d01534e9c18cabf31a73b2e6711d4152527e16265163f415b43f418112652f3642192a8409383098899f84cb762c4cf6ff2c8140fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\gametitle.txt
    Filesize

    8B

    MD5

    a0b36eb2cee818082dab474220c57a27

    SHA1

    3294510092c0cf3015de004fdb33d13525bc9985

    SHA256

    1475259782959980271dfc12bcd2cfda5a2c4ec551708106aee52b0ee73cd1fb

    SHA512

    8312f360a907734091c5af9260cc10f849206ceccd875f281b2c1533fd485f8620eec80a96588133e79fcc2305c5af1554040cd4be01261d7005bdb6b5e35dc7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    acc2b699edfea5bf5aae45aba3a41e96

    SHA1

    d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    SHA256

    168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    SHA512

    e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\tn_feat.bmp
    Filesize

    4KB

    MD5

    de49b3944a8d41f82560af9867921bce

    SHA1

    7618d7e8bc507c0d2d39365df2bf327997bebb4b

    SHA256

    ad51ae32c1a24b8afbc294604022cfedbfbddc7050bdd77e1a22b8c4b15398c0

    SHA512

    394df247bf1c84187220263b33a506f099c61cc4e2a8507bbcbe984d1215360445cb3c60112fa0c2bb97e6eb7a26bfcbdb26cc3eab05ba42e8c6e61276688a1d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb88E8.tmp\tn_feat.jpg
    Filesize

    1KB

    MD5

    0e3369e022dfa435f6a30cec24f3ba8d

    SHA1

    a951162baf41cba7a627389e949c60f1a022f826

    SHA256

    d26608e6c8d3f5adacce8011cd32b81be6fd6d1d13c77a81f31431ad9d54fb6f

    SHA512

    a566384a3a91eff2879137e5e588a9696a47dc30b31f2a0bb03cdce3a360b114a97bb78f1f9baadd2b77cdad51b152efebb88f4fdc66ffb9c29d3f02dc177358

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv6D42.tmp\MSNGamesSetup.exe
    Filesize

    45.6MB

    MD5

    7b3ec6d1800cddc1b195d98244e98e5a

    SHA1

    4f1f7318c220cfca2d8631dc3398c3242bf34115

    SHA256

    3cb4ae53e2756e00d016427ff3e27a488376e1ce81b5a2ce4e24520e7ca8000a

    SHA512

    d8ff6fee981cd039499ea2b78d2565a5418a867a40eea43310051ff90a5f2a7462cd3c63c87f9e539135d91bcea0bf2dd5ceb25256201f781c8f49c344d0fb93

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv6D42.tmp\System.dll
    Filesize

    11KB

    MD5

    960a5c48e25cf2bca332e74e11d825c9

    SHA1

    da35c6816ace5daf4c6c1d57b93b09a82ecdc876

    SHA256

    484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

    SHA512

    cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv6D42.tmp\ftdownload.dat
    Filesize

    512B

    MD5

    e3b30215f964837c4b9ee6935dc42d73

    SHA1

    ab85287c1044602581e30f24c014e58bdefd4a9f

    SHA256

    3f3c4dbb9714bfc3dd348de64d682f7c0842acc1dfd4528f1a5b4381175f8bd5

    SHA512

    a53c8589f28a331b438ff5315128661b4c31d69f1fdeeb0479874c1fcfca816d2714869bfeabfb3b3b93f9335635b83eccb6e7380ce5b8c8a7103f57e257b19e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv6D42.tmp\nsisdl.dll
    Filesize

    14KB

    MD5

    a5a4cee2eb89d2687c05ef74299f0dba

    SHA1

    b9bff5987be422887f2f402357b47db2288a1a42

    SHA256

    cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

    SHA512

    f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

    Download Submit