46e01393ba5f1af66b6bfe89290d51506e7b1469c6261027beef1e8fc016b067

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
Size

483KB
MD5

dbc86485ce2224c661c5c40c7999bd5e
SHA1

acfd57c5c754dd34dab9c3191feea7dd65a3bd20
SHA256

46e01393ba5f1af66b6bfe89290d51506e7b1469c6261027beef1e8fc016b067
SHA512

7141896e029860c79933b4ed911bcfd01783243156d642ab6a94d84187409bd3610e87417ba2d1682dc1cdef431bf41d1d41aa765bf9d0843b083c16b7c3ee10
SSDEEP

12288:9Mqw+VsLkjrVlQB9FbDTF53nlNFRpO50w9XCfyGjN1PAcpgtHy8bC1G5c7lGQA/h:9Mqwy

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-983155329-280873152-1838004294-1000\desktop.ini	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-983155329-280873152-1838004294-1000\desktop.ini	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClient.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\COPYRIGHT	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationClient.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\rmic.exe	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\dcpr.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\deploy.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsBase.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Forms.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Royale.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\net.properties	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Design.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.WindowsDesktop.App.runtimeconfig.json	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.RegularExpressions.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lij.txt	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\ReachFramework.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\PresentationUI.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\lib\jawt.lib	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.AccessControl.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Numerics.Vectors.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\UIAutomationClientSideProviders.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationClientSideProviders.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\th.txt	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\UIAutomationTypes.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsBase.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msader15.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.Xml.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\WindowsFormsIntegration.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\en-US\iexplore.exe.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Xaml.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msxactps.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationCore.resources.dll	dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3884	336	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dbc86485ce2224c661c5c40c7999bd5e_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 964
  2⤵
  - Program crash
  PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 336 -ip 336
1⤵
PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
596KB

MD5
6350944cb8c8cc7298e6280d2b9a6bc5

SHA1
7b14de084a5bd7e0ec530017824ba54f77d4e4ec

SHA256
180f879fd9e3b87e9b50380147f19c72dac7c1da80a672093bd112c45bfb117a

SHA512
15facd1aa022d02d44570398e40638b088b88001c11ee69779967cbfa04025e463dfc48a8e5803bc7c02d01dc0a66ef4eb687ccc001573fa6af7138f9afe36c0

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads