d80ea2af9173a3e08d2169bedd9a1bea1351b06c3c226309f3d7ef8b8a3875e5

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 00:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
Size

1.8MB
MD5

f49e114af66c3c1e10a2cde8964d6821
SHA1

7eedc0645994cb9ac3881028c98e58437368cc8d
SHA256

d80ea2af9173a3e08d2169bedd9a1bea1351b06c3c226309f3d7ef8b8a3875e5
SHA512

cdd9ef15ea72a9676d4286e06fe71bbfaa0beb355219be69662e2ba13ff3fb71f5300d72f17e832d142a1b81da4d3f80b0a25e0e6b7f40364eed13dc7cad3176
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqQ:SCqm2Jpr0nNM7Dus7Nxp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4752-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000229e4-5.dat	upx
behavioral2/memory/4752-1385-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.boot.tree.dat	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\stdole.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\CardViewIcon.png.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as90.xsl	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.tlb	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\es-ES\shellext.dll.mui	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xml.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFROAMINGPROXY.DLL.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnetwk.exe.mui	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.boot.tree.dat	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\mfc140u.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vreg\excel.x-none.msi.16.x-none.vreg.dat.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\ja-JP\ProtectionManagement_Uninstall.mfl	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnetwk.exe.mui.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.exe	f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f49e114af66c3c1e10a2cde8964d6821_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
1b093dbcab067b64f1a8301c21763938

SHA1
922e6130377ac6b32acb0b3818500cd5b3bd5c29

SHA256
05e3acbb4cc86b5cb879c88bbc47375de155bf68c925a46ea2a945cb72bb83e5

SHA512
1d0a751fd3fcbfee6bc012b0ef220e855fa7cf6ca65ac8e2de3822c68e2505e3ab53c78741c893d684ae1cbf80582f451bb7a92f49effc12cd595ae70a6d22aa

Download Submit
memory/4752-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4752-1385-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads