ae0922732826bfee308edf6ec2a82e29726e7af337381987fff1bc80db5a6aa8

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 19:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
Size

1.8MB
MD5

f1b895b93a56a7de3cb8c6e3ddd55688
SHA1

cd95d0db52c3c35e171900dc5918f967ee2ac8f2
SHA256

ae0922732826bfee308edf6ec2a82e29726e7af337381987fff1bc80db5a6aa8
SHA512

b07db1b264a83ab752bc36376c37bc9d9e229e3d6ae1261714f9ee88c1495df62130fdb0ee498610098882fb5b39b7e47830b23ca22eb85e67235bbb32786cb7
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqA:SCqm2Jpr0nNM7Dus7NxJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003400000001508a-5.dat	upx
behavioral1/memory/2904-2207-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2904-9201-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\currency.css	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwdui.dll.mui	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\service.js.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.exe	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\lgpllibs.dll	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
File opened for modification	C:\Program Files\SplitHide.emf	f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f1b895b93a56a7de3cb8c6e3ddd55688_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
9c89e2ca4d661a285085af6c64e5da7f

SHA1
071cb6cfb9a7220938e118d57817bd658c4cfe39

SHA256
d6bf75cfe047c97fbead45203925c2efda925fe954f1c4ad82578f3fbc06fedc

SHA512
15393599830c84bb3b952aaf6861a3174bc1acd946d76e8afc1bcfd0cc35660deb609fc7deeb374330d8a93c24b2b362b428912e8b9c610657e14818db7d7e31

Download Submit
memory/2904-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2904-2207-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2904-9201-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads