d132cefe35d38f3b9dba1a3e7fadcf7e127f0af4a7ff815ac777b075b2b5c8ad

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
Size

1.8MB
MD5

f0101f0e9a94dbd28a1eb449dc454072
SHA1

4749ce66900ea0d13aaff24946e6b0b044d7bdf5
SHA256

d132cefe35d38f3b9dba1a3e7fadcf7e127f0af4a7ff815ac777b075b2b5c8ad
SHA512

0c1d0ada8e9718a88f5fd836e50f9d06b4956f9378ccdbda87f0f6c39c081b505ef3e40cad20f22992952d3d713b54fd608bab4cf421e1e966dc0989077bdebb
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqJ:SCqm2Jpr0nNM7Dus7Nxw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3604-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228b1-5.dat	upx
behavioral2/memory/3604-931-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\OriginLetter.Dotx	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-synch-l1-2-0.dll	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\HxRuntime.HxS	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.DLL.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.UI.dll.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\BloodPressureTracker.xltx.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.exe	f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0101f0e9a94dbd28a1eb449dc454072_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4040 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
4eca46aec4c7f05fabbeed2393676752

SHA1
3e7c4c64ebf1d37c752505f45f650ea03f50b230

SHA256
3ad4393fdacf08cbad0f15cdf44b187346ce8b7b26a047ae7a1403d32ac9f046

SHA512
73bb4f8d6007769249b4b095351f4a2bde2fbcbe4f8ac3413ac440f51f8d57ae517cf7961dfd5aa7b37c68f4a6ee1040760903593c8c4adb4ec34842b29c0dcb

Download Submit
memory/3604-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3604-931-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads