e603843e8b057663590576332f5b31e2c1a0098a228791ed0d4ba5a3b3fc79b5

Analysis

max time kernel
92s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
Size

11.6MB
MD5

ebcad8fb4fb836448a9fafc372b47592
SHA1

31ec7f59896bfe5d97dd486764276acee7f8b68f
SHA256

e603843e8b057663590576332f5b31e2c1a0098a228791ed0d4ba5a3b3fc79b5
SHA512

6e2b3ee860b3ce47e67f528392c935121a2af7b0e8e0b792a4c09602f8bf835ccc2109013462937005e76b8f01338de177ea5778ff227f168159d0b6cc333611
SSDEEP

98304:IgVoocfBJSM3hvKyVPKA9aXrwVeg8UbYZfgs0QlxvjeBiqVmrgq8nM:BLcfBJSihyrY18U64suzmMnM

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\az.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado60.tlb	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msadox28.tlb	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado25.tlb	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lij.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt-br.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sr-spc.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz-cyrl.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msador15.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng2.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tr.txt	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Services\verisign.bmp	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1848	1368	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebcad8fb4fb836448a9fafc372b47592_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 496
  2⤵
  - Program crash
  PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1368 -ip 1368
1⤵
PID:444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
11.7MB

MD5
fb1d368c64374e3167bf7048b3c44c1c

SHA1
ff503951cc71cef73521f6e02caae13b339e0834

SHA256
f01d1ac8e892871d29f13c2c13117b3b22895e2018bf9c618e19e985ff7b5321

SHA512
fbc3c47ac4673928cf654ddc0f2512058b83ccb3c60a0399ebdda440e61e7a66f0cee5dc0a2c57e1487192c4dabf6b67a242f8b384115782659542a6acd41ca0

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1368-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1368-219-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads