Analysis Overview
SHA256
ca3a63446d2d40562b1f0ec100d29effb5a004e747c3ac0236f6e8eb9c63a93a
Threat Level: Shows suspicious behavior
The file dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious behavior: RenamesItself
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 05:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 05:34
Reported
2024-04-06 05:36
Platform
win7-20240221-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\UsaShohdi.asu | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | \??\c:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\IEContentService.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\uninstall.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Games\Hearts\Hearts.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\WINWORD.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Java\jre7\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\GRAPH.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\misc.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\SETLANG.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\crashreporter.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\uninstall\helper.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\Wordconv.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Games\Solitaire\Solitaire.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"
Network
Files
C:\Windows\SysWOW64\UsaShohdi.asu
| MD5 | a6bf392e65fafb41cf9d2730e131bc8d |
| SHA1 | 533fb00e00d775dfc34613c43134ece06eff22b1 |
| SHA256 | 7df75c216cf38121a016c946eca3e6ab971ff997e6b2dbf546048f6948d2f44c |
| SHA512 | 3a976d027c725653ddd10df49fe843f1859db31509472b755837acc754ef513ef5eb8c938c9d103e7425edcdf5aef3632020d9fd10f0ed9a0a724cc748ed0446 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
| MD5 | bc5cd02ddb97cbcde8f0505c8ec2753b |
| SHA1 | 580a305ccc2bf18e1e1bb9e3a8542ea6cd2e845a |
| SHA256 | a82bd6d2371ddfe74bb4649b9b23dd50d236543079c9e24ba3fef1e9859ec3a6 |
| SHA512 | 89cdc6ee84e355667a104e82b43825a88edfacd13b904ed5a4f92535ddfb6583620ec036181be28a9b4eaadaf48d33787da5fc917a4cd593cfc2fc1906c97d14 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 05:34
Reported
2024-04-06 05:36
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\UsaShohdi.asu | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | \??\c:\Program Files\Mozilla Firefox\firefox.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\identity_helper.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\WORDICON.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javaw.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\pwahelper.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ORGCHART.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\notification_helper.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge_pwa_launcher.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\7zFM.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\POWERPNT.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\BHO\ie_to_edge_stub.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\VPREVIEW.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\cookie_exporter.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\vlc.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\firefox.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\ssvagent.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedgewebview2.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\javaw.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSREC.usa | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A |
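The "Drops file in Program Files directory" tables of both behavioral runs show the same two-step footprint per target: the sample opens <name>.usa for modification and creates <name>.exe at the same path, alongside a single drop of UsaShohdi.asu into SysWOW64. The helper below is added example code written for this page, not tooling from the sandbox vendor or from the sample: it parses rows in the report's own table layout, pairs them by stem, lists created executables with no matching .usa event, walks a directory tree for the same .usa/.exe sibling pairs, and matches file digests against the UsaShohdi.asu SHA-256 from the Files sections. REPORT_ROWS is a constructed subset of the rows above with the process column abbreviated to "sample.exe"; the temporary tree in demo_hunt holds placeholder bytes only; the "moves the original aside" reading of the pairing is an inference from the rows, not a statement the report makes.

```python
import hashlib
import ntpath
import os
import re
import tempfile

# Constructed input: a subset of rows from the two "Drops file in Program Files
# directory" tables above (plus the SysWOW64 drop), in the report's own
# "| Description | Indicator | Process | Target |" layout; process column abbreviated.
REPORT_ROWS = r"""
| Description | Indicator | Process | Target |
| File created | \??\c:\Program Files\VideoLAN\VLC\uninstall.exe | sample.exe | N/A |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\uninstall.usa | sample.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | sample.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.usa | sample.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | sample.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | sample.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.usa | sample.exe | N/A |
| File created | C:\Windows\SysWOW64\UsaShohdi.asu | sample.exe | N/A |
"""
ROW_RE = re.compile(r"^\|\s*(File created|File opened for modification)\s*\|\s*(.+?)\s*\|")
NT_PREFIX = "\\??\\"  # NT object-manager prefix the sandbox logs on Program Files paths
# SHA-256 of the file the report lists as dropped into SysWOW64 in both runs.
KNOWN_DROPPED_SHA256 = {
    "7df75c216cf38121a016c946eca3e6ab971ff997e6b2dbf546048f6948d2f44c": "UsaShohdi.asu",
}

def parse_file_events(table_text):
    """Return (action, path) tuples from table rows, with the \\??\\ prefix stripped."""
    events = []
    for line in table_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            action, path = m.group(1), m.group(2)
            if path.startswith(NT_PREFIX):
                path = path[len(NT_PREFIX):]
            events.append((action, path))
    return events

def pair_replacements(events):
    """Case-fold each path's stem and keep stems where <stem>.usa was opened for
    modification and <stem>.exe was created: the footprint of an infector that moves
    the original aside and writes a replacement (inferred from the rows, not stated)."""
    by_stem = {}
    for action, path in events:
        stem, ext = ntpath.splitext(path)  # ntpath: the logged paths are Windows paths
        entry = by_stem.setdefault(stem.lower(), {})
        if action == "File created" and ext.lower() == ".exe":
            entry["created_exe"] = path
        elif action == "File opened for modification" and ext.lower() == ".usa":
            entry["modified_usa"] = path
    return {k: v for k, v in by_stem.items() if "created_exe" in v and "modified_usa" in v}

def unpaired_creations(events):
    """Created .exe paths with no matching .usa event in the same log (a table the
    report truncated, or a different write pattern): check these by hand."""
    paired = pair_replacements(events)
    out = []
    for action, path in events:
        stem, ext = ntpath.splitext(path)
        if action == "File created" and ext.lower() == ".exe" and stem.lower() not in paired:
            out.append(path)
    return out

def hunt_usa_siblings(root):
    """Walk a tree; return sorted (usa, exe) pairs where a .usa file sits beside a same-stem .exe."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        lowered = {f.lower(): f for f in files}  # NTFS lookups are case-insensitive
        for f in files:
            stem, ext = os.path.splitext(f)
            exe = lowered.get(stem.lower() + ".exe") if ext.lower() == ".usa" else None
            if exe:
                hits.append((os.path.join(dirpath, f), os.path.join(dirpath, exe)))
    return sorted(hits)

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def match_known_hashes(paths, hasher=sha256_file):
    """Return {path: label} for files whose digest is a known dropped-file hash (hasher injectable)."""
    hits = {}
    for p in paths:
        label = KNOWN_DROPPED_SHA256.get(hasher(p))
        if label:
            hits[p] = label
    return hits

def demo_hunt():
    """Lay out placeholder files like a hit Program Files tree and hunt it; returns relative pairs."""
    layout = ["VLC/uninstall.exe", "VLC/uninstall.usa", "Office14/POWERPNT.EXE",
              "Office14/POWERPNT.usa", "DW/DW20.EXE", "Java/javaws.usa"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in layout:
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"placeholder bytes constructed for this example\n")
        return [(os.path.relpath(u, tmp).replace(os.sep, "/"),
                 os.path.relpath(e, tmp).replace(os.sep, "/"))
                for u, e in hunt_usa_siblings(tmp)]
```

On a live host, point hunt_usa_siblings at each Program Files root and feed the resulting .exe paths (and anything under SysWOW64 with an unfamiliar extension) to match_known_hashes; a .usa file whose own hash matches a vendor's signed binary, sitting beside an unsigned .exe of the same name, is the strongest confirmation the pairing offers.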
Processes
C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3240 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 13.107.246.64:443 | | tcp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
Files
C:\Windows\SysWOW64\UsaShohdi.asu
| MD5 | a6bf392e65fafb41cf9d2730e131bc8d |
| SHA1 | 533fb00e00d775dfc34613c43134ece06eff22b1 |
| SHA256 | 7df75c216cf38121a016c946eca3e6ab971ff997e6b2dbf546048f6948d2f44c |
| SHA512 | 3a976d027c725653ddd10df49fe843f1859db31509472b755837acc754ef513ef5eb8c938c9d103e7425edcdf5aef3632020d9fd10f0ed9a0a724cc748ed0446 |