7b7c08504ceddd489baa091d8d935c5342e58b05bdd538c27bcb709d975a6088

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
Size

2.8MB
MD5

e7c8d63da6ccc7421b90b81f5bdf2fbc
SHA1

72ebd9d2017bed243be6a3d38f64a0306f8b1200
SHA256

7b7c08504ceddd489baa091d8d935c5342e58b05bdd538c27bcb709d975a6088
SHA512

ddf8721657a61ea6b2f3560fbab1d14574fa07882c50b1e77abd390e95748836f62fd8947c88657b7b9c493a18c5ce371f3e31a28dce1fec1bd5aa1890503756
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91g:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2976-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227dd-5.dat	upx
behavioral2/memory/2976-967-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\eula.dll	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL103.XML	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.exe	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms	e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7c8d63da6ccc7421b90b81f5bdf2fbc_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
b9ae129652063bc2ded70ccb5e515b61

SHA1
ca4fdb8d431431a3a0ffc2ee80eb72c7260d2c46

SHA256
d0af15eab74358d8210ddf9b9cf1f0c4d38029addf0ba6d0e9315994adefc466

SHA512
37f2637255841adc4392abdf40e87c0278a91b654f6a2079629ec734c901549c64e4641251a01e335d3779d140c34a3775961a7f5ee65e9bebf3b17d2273fddf

Download Submit
memory/2976-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2976-967-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads