96d978054f68cf28b8edd54be7236b0b6101994eeb12d45b061a25d8111d08fd

Analysis

max time kernel
93s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
Size

249KB
MD5

f3c5d29816468e356a7dbc651cb22620
SHA1

5ca3b5278ca08237ff56950a552ce73f3ac038d0
SHA256

96d978054f68cf28b8edd54be7236b0b6101994eeb12d45b061a25d8111d08fd
SHA512

95b3bf5f4e0a0350097a491f3a4c3c037910f34b706cf4936d2518c46a8c8454dd3fffc8fa5247900d4377f61bc95c3a660ff806143c35d2fb9cd85215ba24a9
SSDEEP

6144:He+fAz16PHy4mirtd1E6dqi4py5RixTmAcThAkZThMTMKih:++Iz16fDrhEy1Rix1c60y/M

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\SIGNUP\install.ins	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ta.txt	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\glass.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\management.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ar.txt	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jawt.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jaas_nt.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\java.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lt.txt	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javac.exe	f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3304	2384	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f3c5d29816468e356a7dbc651cb22620_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 708
  2⤵
  - Program crash
  PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2384 -ip 2384
1⤵
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
2.0MB

MD5
296d977864b44de5125a62e056019be7

SHA1
1e99da0906e0839c885f97867f2926b8fd51113c

SHA256
6f5db3db725560136548ad5d296159fb3a27ec4ef774f9e11d4e3954c1731b00

SHA512
3e2152e3924638c1d009c12034bb73be43881d92432ea863526fcd716e31825ba0692770776b48c3983c1f9da2d1d3f436de8aa90194f6e20f866a80e380db21

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2384-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2384-2423-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads