899d4117f483cf8e7c57466155afeb70d32b72e6e1c4ebe90427672317a6ce70

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
Size

3.9MB
MD5

e9385123861e4dfefe2517acefbefce6
SHA1

cdb243c14c2fb32fce8168d15923c2a14573ca80
SHA256

899d4117f483cf8e7c57466155afeb70d32b72e6e1c4ebe90427672317a6ce70
SHA512

307e0525d170fae7f00bbbc61baebd112b82f257c744262e0d5dc79500376e5fb028bf57062a139f96ca7667fe6568f551917f95896a6f9ca10fe2305c6761e1
SSDEEP

49152:VTGk6RA/MQyqt1+amIn0fjwHIKC1MHgqsWBmZJx6ECueQNiioTVk9NLUX8kBqcXN:hcjeBiqVmrgq8nH

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3787592910-3720486031-2929222812-1000\desktop.ini	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3787592910-3720486031-2929222812-1000\desktop.ini	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\wab32res.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sa.txt	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\directshowtap.ax	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\CompleteUnregister.pcx	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ka.txt	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng.txt	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcfr.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.exe	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\CompressRedo.DVR-MS	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msadomd.dll	e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9385123861e4dfefe2517acefbefce6_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
9.4MB

MD5
c0cf10d5ff66146f8171b6b78088db28

SHA1
f95f9b8db43dec143f30fe9114e491bd2c77c7b3

SHA256
073ed1548b236657c9b4d8b00c3f3602ce34a4350530b3cb05337827748bf0d6

SHA512
64899af4b6d5d21ca6c371ecc229dc379e99bd89ba4e2c98f3cc8e3d328541d4c807b3fac024f25905b1c8c585c284ca6ff2ebb9bfffa9fca8c006f521dfd2d4

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2020-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2020-84-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2020-231-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads