c67f64a09f64cb218a870271bb4e2fd6379a0e2774fba72e9219db4793a2a72a

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
Size

1.8MB
MD5

e81b3d8425689013715fe7bd27d69c40
SHA1

bc49cde27ef84f4da568e78d645f606955fd4dd1
SHA256

c67f64a09f64cb218a870271bb4e2fd6379a0e2774fba72e9219db4793a2a72a
SHA512

8fd97feb6022d41ab513c4ca8a79edbee70a90cf65fc1303dfd57b499c2b52531a1d15fa7735c76512a087a3843414e04e58e023f4b666bc3010d0c4d796d41f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqw:SCqm2Jpr0nNM7Dus7Nxl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2028-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00340000000149e1-5.dat	upx
behavioral1/memory/2028-1915-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2028-9201-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\j2pcsc.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\Accessible.tlb	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.exe	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\settings.js	e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e81b3d8425689013715fe7bd27d69c40_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
4b8dfc07a953b9ee0c4fbd0b50c19437

SHA1
a5b601393186bb10860a520b9f95e7476f3bc88b

SHA256
366485b67185db99c83f398428d7fab8ac5c5a55149b3992efc18a7dcf03b07d

SHA512
1e0cff659e7930a82fbf1b6b0ff81ad82ac778d3f3019d234ca4c0c5d7b3c8c1d607b8c9b1e84c3bdb0138a552f41ff48b657c7f0fd83730ae23e4242e7f2945

Download Submit
memory/2028-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2028-1915-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2028-9201-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads