c41f90de02591ea3a5b9af8b23ca29c0d3655c0b5ff24a04187f57d865289278

Analysis

max time kernel
146s
max time network
125s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
Size

1.8MB
MD5

ed08f517587fcf1b040d66c410734598
SHA1

acad3d78e2ce56ccc1a79e199218bb26d4713676
SHA256

c41f90de02591ea3a5b9af8b23ca29c0d3655c0b5ff24a04187f57d865289278
SHA512

a487e404c85cb7fbae0dac5d7935db1e521be773dd3e75a32033f3022462914214f543db971e6386c0004c44636a77749eb12b54a5fe39074ee2d146201cfcb1
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHZ:SCqm2Jpr0nNM7Dus7Nx25

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2876-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000800000001222c-5.dat	upx
behavioral1/memory/2876-761-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\DenySuspend.jpeg	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\j2pcsc.dll	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.exe	ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed08f517587fcf1b040d66c410734598_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BlockWait.midi

Filesize
1.8MB

MD5
1f2b1d6b7e6196f601c714282d3d82ee

SHA1
127635a29186d0e3440fb67299ebb9a7f112cc19

SHA256
12cd40c6959d3308f2629ad1d2b9620a0112715b3a043d1b59ddc02aba8677cd

SHA512
c1a0a7ecf701db03430125c6f5256f6b8de26b499e41baac9355dea01e6dd19a028a8d3174b7dfa108ff4d06c16ad324e82e2dd1663a9053f28e7bd1c2dffddc

Download Submit
memory/2876-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2876-761-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads