Analysis
max time kernel: 150s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/04/2024, 05:34
Static task: static1
Behavioral task: behavioral1
  Sample: dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
Size: 90KB
MD5: dc82b95bc77bd7adf65a776e2252a799
SHA1: 45bff1aecaaee83e46b00546c1547f9ec00130db
SHA256: ca3a63446d2d40562b1f0ec100d29effb5a004e747c3ac0236f6e8eb9c63a93a
SHA512: 6c43ac9aa64c4e482fcb181675689366a72c4d06b8165f42d2b558543d63428f9e7d3a6caf91770928e87c6bb7769a03f766507d7428b26d9c02b1ab2f3c34dd
SSDEEP: 1536:NdF6Y9JIXfLrhoCQISaS86P9cPGK7v4Bv1HQ2YmK:NR2FoCQaS8y9cPz4BvFQH
Malware Config
Signatures
Drops file in System32 directory (2 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\UsaShohdi.asu | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | \??\c:\Program Files\Mozilla Firefox\firefox.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\identity_helper.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\WORDICON.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javaw.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\pwahelper.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\7-Zip\7zG.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ORGCHART.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\notification_helper.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge_pwa_launcher.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Java\jdk-1.8\bin\javaws.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\7-Zip\7zFM.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\POWERPNT.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\BHO\ie_to_edge_stub.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\VPREVIEW.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\cookie_exporter.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Mozilla Firefox\default-browser-agent.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\VideoLAN\VLC\uninstall.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\VideoLAN\VLC\vlc.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Mozilla Firefox\firefox.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\ssvagent.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedgewebview2.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\javaw.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSREC.usa | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"
  PID: 4180
  - Drops file in System32 directory
  - Drops file in Program Files directory
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3240 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:8
  PID: 412
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 90KB
MD5: a6bf392e65fafb41cf9d2730e131bc8d
SHA1: 533fb00e00d775dfc34613c43134ece06eff22b1
SHA256: 7df75c216cf38121a016c946eca3e6ab971ff997e6b2dbf546048f6948d2f44c
SHA512: 3a976d027c725653ddd10df49fe843f1859db31509472b755837acc754ef513ef5eb8c938c9d103e7425edcdf5aef3632020d9fd10f0ed9a0a724cc748ed0446