0168809adb8e0aebe49c40d6e3f197fa7fc1d442f3545dff397ad2e3e623dbac

Analysis

max time kernel
92s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
Size

1.8MB
MD5

f3d3315294110ba5957f0164bacab020
SHA1

047eaafe9099c3321bfb10facce52faf79c48f27
SHA256

0168809adb8e0aebe49c40d6e3f197fa7fc1d442f3545dff397ad2e3e623dbac
SHA512

26820beeec30f721463529a27ad2267a32fb5c88dbb3e51cca0980d7295316436df8b8dc367abf523536f7d56794c4bb3846c7c561569c2912d6bc4e8418c8ea
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqX:SCqm2Jpr0nNM7Dus7Nxu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3216-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022ade-5.dat	upx
behavioral2/memory/3216-6275-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3216-14030-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-100.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\TimeAppService.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileLargeSquare.scale-100.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-200_contrast-white.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Square310x310Logo.scale-200.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FlagToastQuickAction.scale-80.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-400.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-72_altform-unplated.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-300.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\WideTile.scale-125.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-40_contrast-white.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-200_contrast-black.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-16.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\SharedMemoryUWP.winmd.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-96.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SliderHandle.xbf	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\PointerIndicatorVertexShader.cso	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-125_contrast-white.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactNative\Tracing\LoggingActivityBuilderExtensions.tt.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\trace.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-GB\en-GB_female_TTS\skin_en-GB_female_TTS.lua	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCache.scale-100.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\AppxManifest.xml	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\MyOffice.BackgroundTasks.dll	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\x_logo.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\snooze.contrast-white.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNI.TTF.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-black_scale-125.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-16_contrast-white.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36.png.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-100_contrast-black.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\resources.pri.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-80.png	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.exe	f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f3d3315294110ba5957f0164bacab020_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
7c0b370386c01e685e6bff621f53ae9d

SHA1
45f7603b70bd8791f72e84f786e2549957a2081d

SHA256
5a34fee10c76e72545af127ea6474be8deddd5504e2769762950252f43abd857

SHA512
a30f5a1cedd1dbdcb9ca37f4fefb73d1a7842acb509180604aec984c4038a4d8601cc9d5ba97c92278b680c8460cc603ea7df91d49b92ffe015e0a38033e3d8b

Download Submit
memory/3216-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3216-6275-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3216-14030-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads