e603843e8b057663590576332f5b31e2c1a0098a228791ed0d4ba5a3b3fc79b5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
Size

11.6MB
MD5

ebcad8fb4fb836448a9fafc372b47592
SHA1

31ec7f59896bfe5d97dd486764276acee7f8b68f
SHA256

e603843e8b057663590576332f5b31e2c1a0098a228791ed0d4ba5a3b3fc79b5
SHA512

6e2b3ee860b3ce47e67f528392c935121a2af7b0e8e0b792a4c09602f8bf835ccc2109013462937005e76b8f01338de177ea5778ff227f168159d0b6cc333611
SSDEEP

98304:IgVoocfBJSM3hvKyVPKA9aXrwVeg8UbYZfgs0QlxvjeBiqVmrgq8nM:BLcfBJSihyrY18U64suzmMnM

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\handsafe.reg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledb32.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcfr.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadcfr.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt-br.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\DVDMaker.exe	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mk.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bg.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
17.1MB

MD5
839f8bfa0a45349ff2f3d8a6db30847b

SHA1
f7d5361a7958fc8e3dc39731d96c747a6172e4b3

SHA256
09f28483454fbf0ec3b39c0143c42887c738c755301f19d561846faea8644340

SHA512
c87ff200e65c10c5da9b0add98847f84ebf214b529c422d36787ee496120a71c0e94ef6628259393f849719ed7154c3b53333afbd19bd51f37d32875f3cb4544

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2860-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2860-233-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads