7121208290534d28941fc4cc09fe4131db805963f1784c1ed9e15522c7531cdf

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
Size

1.8MB
MD5

f0441333331ad2ebe48298ead1c4a733
SHA1

2386114fc9c5bb3ffd924a780953d19b51965452
SHA256

7121208290534d28941fc4cc09fe4131db805963f1784c1ed9e15522c7531cdf
SHA512

903672fe0188d046bb20d5927ffc68ca3a7bf0f6fd91778283180270cb2099ad748dd78014d0523a8db841f6c5084a38a7bbe0eb53c2d8a54ed556f833a99e26
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqg:SCqm2Jpr0nNM7Dus7Nxl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1840-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000229d3-5.dat	upx
behavioral2/memory/1840-1798-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\illustration-UploadToOD.svg.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-150.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-200_contrast-black.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\WideTile.scale-100.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.DispatchProxy.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-48.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-200.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-unplated_contrast-white.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymb.ttf.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\8080_36x36x32.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp140.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\complete.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Inbox.winmd.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\THMBNAIL.PNG.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\TimeAppService.winmd	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-white_scale-125.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_altform-lightunplated.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-256_altform-unplated_contrast-black.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources.pri.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-white_scale-100.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashWideTile.scale-125_contrast-black.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-20.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-white.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\resources.pri	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-unplated.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-80_altform-unplated_contrast-white.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-black_scale-200.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100_contrast-white.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\BadgeLogo.scale-125_contrast-white.png	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\30.jpg.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\snooze.contrast-white.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-125.png.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.exe	f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0441333331ad2ebe48298ead1c4a733_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
65939232dd5efcac78f1183edf186356

SHA1
8dec2b493415996e48fd10f1cfa0735f333222fc

SHA256
af1aba5c0b7614fc1237145c5c8536de0afcdaf23247ed89c8ffa3d901606347

SHA512
81b73fdfed31cd08387ed994f702e6fe8b7efbff282648af40aa577d97bd554535fcbab13b095acf973ba35650c78ac972305f5c7187aa976494cf50ddd23369

Download Submit
memory/1840-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1840-1798-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads