Analysis
-
max time kernel
93s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
16-04-2024 07:59
Behavioral task
behavioral1
Sample
f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
-
Size
2.8MB
-
MD5
f30b3aba891c4ebba6a5340c948ad4bc
-
SHA1
1bfe97b34c687ab846da5793971fc373a822b34f
-
SHA256
6eb0f1bc24dea157b8c6e2588c0adb9e500b4bb82cf93c91709fc155d3264120
-
SHA512
1e9f1399cd639f73cb939f43d0b7123c371be5f21d75cff6f107a9a64f4645216f723cc373aca6afe8c601e50f9888ee073de59336e89f655e59d9ef409aac3b
-
SSDEEP
24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91Z:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n9
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/4060-0-0x0000000000400000-0x00000000005BA000-memory.dmp upx behavioral2/files/0x0001000000022ac6-5.dat upx behavioral2/memory/4060-3969-0x0000000000400000-0x00000000005BA000-memory.dmp upx behavioral2/memory/4060-8821-0x0000000000400000-0x00000000005BA000-memory.dmp upx -
Drops desktop.ini file(s) 2 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\desktop.ini f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\7-Zip\Lang\ko.txt.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\LargeTile.scale-100.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsSmallTile.scale-100.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Shared.v11.1.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-400_contrast-black.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Microsoft.Graphics.Canvas.winmd f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\iheart-radio.scale-200.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-125.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-125.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-32_altform-unplated.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalMedTile.scale-200.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql2000.xsl.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_f_col.hxk.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-black_scale-200.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-125.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_DogNose.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-100_contrast-black.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-125.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageLargeTile.scale-125.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-48.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-100.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-16_altform-unplated_contrast-black.png f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-256_altform-unplated_contrast-white.png.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\Microsoft.PowerShell.PackageManagement.resources.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.exe f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll f30b3aba891c4ebba6a5340c948ad4bc_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.8MB
MD55c6560ab48932718efc8cc2f5c2d24f5
SHA1b195e76daaa4335f6d0c99daeacbd1823976e9ff
SHA256e1bd91a011803471ebedae96086018a11b8a968decd4f22dbadcb3df70a09412
SHA512b7b518e251a2517b2495c8f11809d5c0872e1fead5d20f7aaaabdb5591311c743d3ea0341106bc91f3a774a78542c800e52ec482fae993b076be8ec916f70941