66d7e5ba56b2d69441a490873bdb8a6aba1037623795a100d67f81253b530109

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
Size

351KB
MD5

f3069cfd6a4b8e057ef624d402b08851
SHA1

17f69f6817abc8cd6af989c1eda6c01567ea4f7f
SHA256

66d7e5ba56b2d69441a490873bdb8a6aba1037623795a100d67f81253b530109
SHA512

1a401eaff40afb850a055718b34e3d7877b3aa693877cb4b428554ce09415b2cff9d0966ab1197e5c1a8945fa750ef17eaf684308f49263cf23d38eed6bd60d6
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMt:JXEkqeolrix1c60y+

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\dotnet.exe	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationTypes.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcer.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationFramework.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClient.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorlib.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsFormsIntegration.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\WindowsFormsIntegration.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Security.Cryptography.ProtectedData.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jfxmedia.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msaddsr.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jstack.exe	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\j2pcsc.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadrh15.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlSerializer.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz.txt	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Security.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\awt.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationFramework.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\Microsoft.VisualBasic.Forms.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordbi.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\ReachFramework.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationTypes.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jfxwebkit.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemCore.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\hmmapi.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\jce.jar	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\npt.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Xaml.resources.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md	f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
856	3640	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f3069cfd6a4b8e057ef624d402b08851_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 1000
  2⤵
  - Program crash
  PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1044 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3640 -ip 3640
1⤵
PID:3796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre-1.8\bin\glib-lite.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
C:\odt\office2016setup.exe

Filesize
5.4MB

MD5
d8bbbc2716757e8f633abab13ddb27e1

SHA1
6b235e5960d5406fdcdc9771c574536f920a97a8

SHA256
52c7705d22c2707cbb3dce9d2a1a79f2aff0269d4c6796a1a4be72fcb6dd1193

SHA512
398aa248fd901a1a5b553203ac298bd7dc3bbc68579ff755f97a858e8d581c67f6d2530776dcb3b0c822222a9156dd6dd71829af8754ba9f148b076c09f8ab20

Download Submit
memory/3640-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3640-798-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3640-2002-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads