eb0cde9d0f1077b00bf6a853e9739ecb3615a8504ef3a560e420724311e623e9

Analysis

max time kernel
92s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
Size

1.8MB
MD5

ed028643edea0d2dd23bafbb8a67b901
SHA1

1a785b5d33c3c60e067a700373e06d765b898eef
SHA256

eb0cde9d0f1077b00bf6a853e9739ecb3615a8504ef3a560e420724311e623e9
SHA512

acbbb932b901c87c728f5c02081e6caf2ec41cf7876bcf395394844917e094a7a9dccda622d443abdb03e9497aabf810d43aec7ead56a62b7c3b028ab28c76c6
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqq:SCqm2Jpr0nNM7Dus7Nxf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2496-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022893-5.dat	upx
behavioral2/memory/2496-6465-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2496-13437-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-200.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-64_contrast-white.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\UnprotectSwitch.pdf.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-72_altform-unplated.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\LargeTile.scale-200.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsSplashLogo.scale-180.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-unplated_contrast-black.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\msquic.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_star.m4a	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-20.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.MsoInterop.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-200.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-30.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.ComponentModel.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\WideTile.scale-200.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Aero2.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_Tracing.jpg	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsFormsIntegration.resources.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.js	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.winmd.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreMedTile.scale-100.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Gravel.jpg.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-black_scale-125.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-100.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-256.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\StartFormat.gif.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\MedTile.scale-125_contrast-black.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\6px.png	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jfxwebkit.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\TextIntelligence.dll.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Microsoft.BigPark.Utilities.winmd.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare150x150Logo.scale-100_contrast-black.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSplashLogo.scale-100.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png.exe	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\TextIntelligence.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.dll	ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed028643edea0d2dd23bafbb8a67b901_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
2a3d0cee902df2909da96a5d0506f583

SHA1
e25f68eeb053dc00a8fb8af6352da20df4d2760f

SHA256
1741687e957aed96a777969d8fc4930a5c58241cc915954c78d2ca0b91538155

SHA512
ac16d7b8862e0e69b51149d03bda2042c610524589cbe1355ddaeff205dfcae0087b56bff7f5ebefba1a8301c9fd7f2cb6cac23f28c997371075748ae04caf41

Download Submit
memory/2496-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2496-6465-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2496-13437-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads