6eb0f1bc24dea157b8c6e2588c0adb9e500b4bb82cf93c91709fc155d3264120

Analysis

max time kernel
148s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
Size

2.8MB
MD5

f30b3aba891c4ebba6a5340c948ad4bc
SHA1

1bfe97b34c687ab846da5793971fc373a822b34f
SHA256

6eb0f1bc24dea157b8c6e2588c0adb9e500b4bb82cf93c91709fc155d3264120
SHA512

1e9f1399cd639f73cb939f43d0b7123c371be5f21d75cff6f107a9a64f4645216f723cc373aca6afe8c601e50f9888ee073de59336e89f655e59d9ef409aac3b
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91Z:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2444-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002800000001390b-5.dat	upx
behavioral1/memory/2444-304-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.exe	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig	f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
90dfb9605e30bd8a9d4849caecf5631e

SHA1
11ec4baa9b8dbf9a6efb8adbc22d017ddb9b7581

SHA256
2f8b2585d9696658482610d4951397d9413aa07691faf383f2d3a0d7d7d5b020

SHA512
cccaa14c9d1f2986f211e3b23876dea3c4d45c89c73d4eaaa68039b8ae1907d829a1cb23796b4f7563a923e2a0a820fc4da94c765eeab1265be5109c591b4f13

Download Submit
memory/2444-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2444-304-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads