88e6926483429d26ff92654a1c9f1977d30c577654cad7e733e4d916413f6b96

Analysis

max time kernel
37s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
Size

15.1MB
MD5

8d08d410e92bb112cff5dcc9707c637c
SHA1

1099feb83a927497f1f5500e0503d761e837d3fa
SHA256

88e6926483429d26ff92654a1c9f1977d30c577654cad7e733e4d916413f6b96
SHA512

aca4166a240e2d3a54ad3a75c05cc72a6bde4d67e7490aedd226c94667c6b63523b992aa5fc5dda73e8da0fc87571b8e143d5cabfa87b09abb8b2c7d51ed3fae
SSDEEP

393216:lwUN2fk34EjfYob8H+KzpyruFDJgb26M0jhWlk:lwnBQY48HCuFDJW2Book

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3060	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
3060	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe

Drops file in Program Files directory 52 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\ConferenceMgr.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\0804.xml	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\20.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\22.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\xlCredit.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\GIF89.DLL	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\NetKeeper.dat	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\english.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\xinlientryxp.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\RTCS_Log.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\default_ad_view.html	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\skinmm.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\14.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\16.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\DLmode.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\Main.exe	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\bindconfirm.dat	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\config\basic.xml	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\ImageOle.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\defaultADGif.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\0.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\1.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\EDCUpdate.exe	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\version.ini	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\detector.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\doload.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\xinlientry98.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\readme.txt	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\100.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\12.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\Updatemode.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\ConfManagerDlld.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\13.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\15.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\17.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\18.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\19.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\2.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\bmpres.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\statistics2kup.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\xinlientry2k.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\config\config.xml	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dc.exe	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\uninst.exe	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\gpeerm.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\10.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\11.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Emotions\21.gif	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\DRegClientDll.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\NetKeeper.exe	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\Settings.dat	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\ConfManagerDll.dll	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3060
- C:\Program Files (x86)\ChinaNetSn\bin\srasport.exe
  "C:\Program Files (x86)\ChinaNetSn\bin\srasport.exe" anxiaohui
  2⤵
  PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ChinaNetSn\bin\srasport.exe

Filesize
28KB

MD5
6d05bf5ebc761bff42890e231b4554d6

SHA1
f7053600daffa0f143d91562516335e03b1974d7

SHA256
6240d2dbfe65901f2483b36dc34e220cddbffb5f68b89233b847a232c46f9f4a

SHA512
8bd01f1e03c337727953c2c2cfceee1fbe5d0c41ef79335e4c23a542a2dd9206a9f171753b05501e0d77709229f89ea4d2971460adb25af3b960972fdfc6a6ea

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\MSSCCPRJ.SCC

Filesize
483B

MD5
0cf6771381dd14893497a24d7427af1a

SHA1
14cba86b8b85bc9abe7f567ab98334d1a19a3758

SHA256
3558c2a61fc57b54f80eb03e0873196125d37e6f079cac807602736b19b312ad

SHA512
6cfecf0e0fdaec5624d5b539571ce41e45d335a3b9c9755cf49c7b1383b6b1b8499ac23800bdeeed6c7540a9090902344d759dcd401788f7adcc5f69a51b1f41

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\button_enter.bmp

Filesize
12KB

MD5
72aa5131841566021c4125b5060b5d03

SHA1
75066bc5a5c36d6350515e075c71a546d387ea53

SHA256
33bb9ca96efa1c7712187208c9d489c504e869a5d646c78c3b5722e456d32a3a

SHA512
dfac9f08c61a0fadf4c742255f468b555c5308d2358e99a8265cd75246e873c3c3e371eae6380af29c4c2d36f69dd5759c632f05d6abeb18a2467c4bdbdf92bf

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\AddMeetingUser_0.bmp

Filesize
94B

MD5
b4a210ce3a46d183b47b711840c5274a

SHA1
985bc4815fdcbe43a36e8ada247ece660bbffbcb

SHA256
349f6cfb44127451b5fcbfdbb5e24daf659ca61e6eb8bf87d449b0487fb3b4ed

SHA512
1e0c541417a41922402bb906d62e88cbd61d33d0e02a25b931bbb3ea2a6354bb6458bc769efe9e66b44a74442bd8b5965a929a44a5d4d79d744f30687bdaadf2

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\AddMeetingUser_2.bmp

Filesize
94B

MD5
e65808d2d1286615722ef257d64572a3

SHA1
1bd7e8ebd8718bca7f3d89b9afd5d98c0f33bc5f

SHA256
17f5afcd124ce1b013c4ed380d05790025136c10ceefc8b7cbc7675ab4623f36

SHA512
f548139063a3482f0dc9d0749061f9ee10aa60cbd06669d93e92e3d4f79dc618ab68f005c29ab0d4044abfeb39a50a70a5b68b13fd618e37eda8e28e1154202d

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\calling_04.BMP

Filesize
3KB

MD5
2ec91d1ce2b3c7bf8b0bea1e5dfd76d2

SHA1
fc1985054309d788e2a7acee4114797f4dda4d9a

SHA256
c89bb067d982388e97e6908a6090caf9f390876b414cd9a4d03848ba2146cc15

SHA512
0598c7e2024b5bcaacbbb28d2b63ab90f6717691ac5f54c87a7df2ac706a3258346ee6c7099f5bda89efefa92a0900f762a5d23aca866fcaa11b021936dc6a9d

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\dialog-box_slidebar.BMP

Filesize
1KB

MD5
1509d4607def60f35d69ff55098d5c01

SHA1
911d6aa1a8267f6f48cbb58682794e6743c0a307

SHA256
d993062bcd4a4fded4123a805f2c494b5e67e7013168021fce4e53afabf526f4

SHA512
673eb9a657f2ec7c7b4b24bc790c4e157aa21e8b411d647e54bf69978576cc748ee5d61788c77eecd64baf5b8965c1996d3d93f6ec17dd7018b56dfde6f9a295

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\tab_09.bmp

Filesize
5KB

MD5
6118ea0ff98fbb784ea87c6e870becbd

SHA1
f7edfd4c1c2c3127d45a4ab40d8e70d58f133b4b

SHA256
8fa69f2403c04d1ae412798b6bb7efd1639ff4569943b7a1ce2c8dc6e8999523

SHA512
62a9223e965492c7afe526f0a04632f7725ab2f31428b6a48372f2aa6f9d7a7c2396739dbbbdf83e179e3657a731a1cd012b4ae217e62db345613b72ddf2c6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstBBB2.tmp\ioSpecial.ini

Filesize
577B

MD5
a32169d6720f484fa583dfdba3816c20

SHA1
323d1498d45ad3d2d332e3d6fc9ebe60dcd9695c

SHA256
fc24b6a10aa2500e241a059f43b44adb14e9a4af39951b8f9368feca2eca6acf

SHA512
d1eb28d7de74d014fbff745b7fc1fedb1bdf59b8c1dfe242928d40bdb8a30722b6c8a9b03f5833d6bf6bd390e6ac5f1ed5eabae94a3a54e84e372e366f965bc7

Download Submit
\Program Files (x86)\ChinaNetSn\plugin\EDC\dc.exe

Filesize
45KB

MD5
f3081446c9d261f90c8fde5d1732dba2

SHA1
d45c9b6b602b4f1491cb1174323626ef183e5fd1

SHA256
1548371df6638dd9db821f3802c654e43cc0633368e78cb56af698f3fe17a8b4

SHA512
e8adf88d8504a9003f50f9255a3d9ca8816850e1c5dbdcc89a0222405a453fd7093a67ae73b39676316d30d6875bc7ab174a70fc9fb5059ad5e4ff987ae4ba57

Download Submit
\Users\Admin\AppData\Local\Temp\nstBBB2.tmp\InstallOptions.dll

Filesize
12KB

MD5
1e8f2fefe3ce893b117b26948b8978cb

SHA1
59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab

SHA256
8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519

SHA512
b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

Download Submit
\Users\Admin\AppData\Local\Temp\nstBBB2.tmp\System.dll

Filesize
10KB

MD5
10c44246d99a1c2e5f5e6b52b111a63d

SHA1
0f41da79c3e789f4ae38738e3a5d73c538f8af4f

SHA256
7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

SHA512
e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

Download Submit