Malware Analysis Report

2025-06-15 19:50

Sample ID: 240406-f9elyace63
Target: dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118
SHA256: ca3a63446d2d40562b1f0ec100d29effb5a004e747c3ac0236f6e8eb9c63a93a
Tags: spyware, stealer
Score: 7/10

Table of Contents

Analysis Overview
  MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
  Detonation Overview, Signatures
Analysis: behavioral1
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2
  Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score: 7/10
SHA256: ca3a63446d2d40562b1f0ec100d29effb5a004e747c3ac0236f6e8eb9c63a93a

Threat Level: Shows suspicious behavior

The file dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: spyware, stealer

Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious behavior: RenamesItself

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-06 05:34

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-06 05:34
Reported: 2024-04-06 05:36
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"

Signatures

Reads user/profile data of web browsers
Tags: spyware, stealer

Drops file in System32 directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe; Target: N/A

Description | Indicator
File created | C:\Windows\SysWOW64\UsaShohdi.asu
File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe; Target: N/A

Description | Indicator
File created | \??\c:\Program Files\VideoLAN\VLC\uninstall.exe
File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE
File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\IEContentService.usa
File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.usa
File created | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.usa
File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.usa
File created | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe
File opened for modification | \??\c:\Program Files\VideoLAN\VLC\uninstall.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.usa
File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.usa
File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.usa
File created | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE
File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE
File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.usa
File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.usa
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.usa
File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.usa
File opened for modification | \??\c:\Program Files\Microsoft Games\Hearts\Hearts.usa
File created | \??\c:\Program Files\Mozilla Firefox\crashreporter.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\WINWORD.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE
File created | \??\c:\Program Files\Java\jre7\bin\javaws.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\GRAPH.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\misc.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\SETLANG.usa
File opened for modification | \??\c:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.usa
File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.usa
File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.usa
File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
File created | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
File opened for modification | \??\c:\Program Files\Mozilla Firefox\crashreporter.usa
File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe
File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.usa
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.usa
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.usa
File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.usa
File opened for modification | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE
File opened for modification | \??\c:\Program Files\Mozilla Firefox\uninstall\helper.usa
File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE
File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\Wordconv.usa
File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.usa
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe
File created | \??\c:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe

Suspicious behavior: RenamesItself

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"

Network

N/A

Files

C:\Windows\SysWOW64\UsaShohdi.asu

MD5: a6bf392e65fafb41cf9d2730e131bc8d
SHA1: 533fb00e00d775dfc34613c43134ece06eff22b1
SHA256: 7df75c216cf38121a016c946eca3e6ab971ff997e6b2dbf546048f6948d2f44c
SHA512: 3a976d027c725653ddd10df49fe843f1859db31509472b755837acc754ef513ef5eb8c938c9d103e7425edcdf5aef3632020d9fd10f0ed9a0a724cc748ed0446

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5: bc5cd02ddb97cbcde8f0505c8ec2753b
SHA1: 580a305ccc2bf18e1e1bb9e3a8542ea6cd2e845a
SHA256: a82bd6d2371ddfe74bb4649b9b23dd50d236543079c9e24ba3fef1e9859ec3a6
SHA512: 89cdc6ee84e355667a104e82b43825a88edfacd13b904ed5a4f92535ddfb6583620ec036181be28a9b4eaadaf48d33787da5fc917a4cd593cfc2fc1906c97d14

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-06 05:34
Reported: 2024-04-06 05:36
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"

Signatures

Drops file in System32 directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe; Target: N/A

Description | Indicator
File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu
File created | C:\Windows\SysWOW64\UsaShohdi.asu

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe; Target: N/A

Description | Indicator
File created | \??\c:\Program Files\Mozilla Firefox\firefox.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.usa
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\identity_helper.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.usa
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\WORDICON.usa
File created | \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.usa
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.usa
File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\javaw.usa
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.usa
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\pwahelper.usa
File created | \??\c:\Program Files\7-Zip\7zG.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ORGCHART.usa
File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice.exe
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\notification_helper.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge_pwa_launcher.usa
File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
File created | \??\c:\Program Files\Java\jdk-1.8\bin\javaws.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.usa
File opened for modification | \??\c:\Program Files\7-Zip\7zFM.usa
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.usa
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.usa
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.usa
File created | \??\c:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.usa
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\POWERPNT.usa
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.usa
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.usa
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\BHO\ie_to_edge_stub.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\VPREVIEW.usa
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.usa
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\cookie_exporter.usa
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.usa
File created | \??\c:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
File created | \??\c:\Program Files\Mozilla Firefox\default-browser-agent.exe
File created | \??\c:\Program Files\VideoLAN\VLC\uninstall.exe
File opened for modification | \??\c:\Program Files\VideoLAN\VLC\vlc.usa
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.usa
File opened for modification | \??\c:\Program Files\Mozilla Firefox\firefox.usa
File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.usa
File created | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\ssvagent.usa
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedgewebview2.exe
File created | \??\c:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\javaw.usa
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSREC.usa
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

Processes

C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\dc82b95bc77bd7adf65a776e2252a799_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3240 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
NL | 52.142.223.178:80 | | tcp
US | 13.107.246.64:443 | | tcp
US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp

Files

C:\Windows\SysWOW64\UsaShohdi.asu

MD5: a6bf392e65fafb41cf9d2730e131bc8d
SHA1: 533fb00e00d775dfc34613c43134ece06eff22b1
SHA256: 7df75c216cf38121a016c946eca3e6ab971ff997e6b2dbf546048f6948d2f44c
SHA512: 3a976d027c725653ddd10df49fe843f1859db31509472b755837acc754ef513ef5eb8c938c9d103e7425edcdf5aef3632020d9fd10f0ed9a0a724cc748ed0446