Analysis Overview
SHA256
bb868006817fcfd699c634ed8e75ae193d85171389fd64f16dd552ddefe4ca77
Threat Level: Shows suspicious behavior
The file bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Adds Run key to start application
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 17:54
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 17:54
Reported
2024-04-04 17:57
Platform
win7-20240221-en
Max time kernel
150s
Max time network
153s
Signatures
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe" | C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe"
Network
Files
memory/2368-0-0x0000000000800000-0x000000000080E000-memory.dmp
memory/2368-3-0x0000000000800000-0x000000000080E000-memory.dmp
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Kazaa Lite.exe
| MD5 | bee2d07e102a5049e0d155b49e1f68b6 |
| SHA1 | 45f8d9cb54ac88d53e71888f29d14c29ff72b15b |
| SHA256 | bb868006817fcfd699c634ed8e75ae193d85171389fd64f16dd552ddefe4ca77 |
| SHA512 | 6c3db1bc5e434c8887a1ac1e49f4e1f41f9487c88e3ecfdda8d91545018a8fd7c4f88ccb1fd9bfcfd0badd71b5f13109ab2af3ad272048202a4400db1d4acb37 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 17:54
Reported
2024-04-04 17:57
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Signatures
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe" | C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe | N/A |
| File created | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bee2d07e102a5049e0d155b49e1f68b6_JaffaCakes118.exe"
Network
Files
memory/3276-0-0x0000000000800000-0x000000000080E000-memory.dmp
memory/3276-3-0x0000000000800000-0x000000000080E000-memory.dmp
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\ICQ 4 Lite.exe
| MD5 | bee2d07e102a5049e0d155b49e1f68b6 |
| SHA1 | 45f8d9cb54ac88d53e71888f29d14c29ff72b15b |
| SHA256 | bb868006817fcfd699c634ed8e75ae193d85171389fd64f16dd552ddefe4ca77 |
| SHA512 | 6c3db1bc5e434c8887a1ac1e49f4e1f41f9487c88e3ecfdda8d91545018a8fd7c4f88ccb1fd9bfcfd0badd71b5f13109ab2af3ad272048202a4400db1d4acb37 |