bd74622342f6b166ccd0761ff8b9f3b81d6c176602f5c3aef626c2225a18251d

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
Size

2.8MB
MD5

f4d44854e0430b9a2a08dcc8301bab05
SHA1

3bb6c02f8a7340da7059e3e0f02fdfe6e1a31de6
SHA256

bd74622342f6b166ccd0761ff8b9f3b81d6c176602f5c3aef626c2225a18251d
SHA512

77916d21f882d8f5790c683a8523625246aebfff1c40ce2036110bae217878c076de3bb5cbbd32440ecfc055893df657640a0991dcdc45293b571fee88ca6de0
SSDEEP

12288:9nix1c60OfcvxWd3334BkZnkPvFHHrP4Em67bmSiTIUzOBz7:9kcvxWd3334BkZnkPtHHD4/oniTIt7

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\Program Files\desktop.ini	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-553605503-2331009851-2137262461-1000\desktop.ini	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-553605503-2331009851-2137262461-1000\desktop.ini	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\CompareReceive.wma	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado15.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado25.tlb	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\iediagcmd.exe	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\java.exe	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bn.pak	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javaw.exe	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll	f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1084	4736	WerFault.exe	82

C:\Users\Admin\AppData\Local\Temp\f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4d44854e0430b9a2a08dcc8301bab05_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 728
  2⤵
  - Program crash
  PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4736 -ip 4736
1⤵
PID:4680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
4.6MB

MD5
db72d764e93254aebda2bcf711c32304

SHA1
fc90ae4a384742f2a831190ace337c43210fe2b0

SHA256
ae83395ca53895f2d0f058e96b5c551594151e0ce75a5a1cb75258f6b398d77b

SHA512
4739eb003177d94eaa23269713f7394c3b16db24cd6425d38ac5c79fb88935aba8937082e6d02bbc35cc52cb1f9b7fce9d5611b8360a023ac830e5e07552b89b

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4736-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4736-246-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4736-1875-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads