35afe6f81369dc4e8818b55626a9f7f35a939a4dc9cafec175990f96e980bfd6

Analysis

max time kernel
134s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
Size

1.8MB
MD5

f1fd61ca6e5be0c57503a67dcc4cb68e
SHA1

c3cf5179b2a045e763968cb601761e1f84b06d5b
SHA256

35afe6f81369dc4e8818b55626a9f7f35a939a4dc9cafec175990f96e980bfd6
SHA512

e8baa50467d4d932fac8a872c141d18a91ecee7cd9d6a7d14bbe382e1e75cb7d59982cca3f2beb3758658610cfcbf1ef81800e83f1aeccfb19b19c01243eed36
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqO:SCqm2Jpr0nNM7Dus7NxX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3948-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022ab1-5.dat	upx
behavioral2/memory/3948-6381-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3948-14108-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200_contrast-high.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\LargeTile.scale-200.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymt.ttf.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-150_contrast-white.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_40x40x32.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-256_altform-unplated.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_col.hxt	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\SmartSelect\AddStroke_Illustration.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_contrast-black.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-30_altform-unplated_contrast-white.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-400_contrast-black.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-400_contrast-black.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\WebviewOffline.html	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmgdsrv_xl.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_20x20x32.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_contrast-black.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\en-US.PhoneNumber.ot.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\EEINTL.DLL	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteSmallTile.scale-125.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-125.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.scale-125.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.winmd.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-125.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ECLIPSE.ELM	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\SlowMotionController.xbf	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Base.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-100.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\WideTile.scale-200.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-125.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-timezone-l1-1-0.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10R.CHM	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\SolitaireLiveTileUpdater.dll	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_contrast-black.png.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_contrast-white.png	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\es\Microsoft.PowerShell.PSReadline.Resources.dll.exe	f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f1fd61ca6e5be0c57503a67dcc4cb68e_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
effcca7e35aaf34425fdbabc58b8f652

SHA1
d2bfdb99d1ee1cdcd3f58ddaff40abdaa17b285e

SHA256
f4812314b725cafb4b71c216443a32cb60cac40899151efc01d75e9c1114553c

SHA512
dd20e6d4e7db2bd9e55dcc0bbc3c50b1b3733d5e70ee9fdd8fa1755954e25c226ebee8aa203e9c52a37ab0b37043ac4556818be083b4b6bb1627974b9a2e6171

Download Submit
memory/3948-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3948-6381-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3948-14108-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads