8d8a73338da35beb506b1215da4e4ef74713379f3d8ede2c407a02658f67286b

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
Size

2.0MB
MD5

f592830eb476cd5b5ed816c2282b6d2c
SHA1

8ca530fc928244f208d8f0b0f5a059f05cccf10d
SHA256

8d8a73338da35beb506b1215da4e4ef74713379f3d8ede2c407a02658f67286b
SHA512

cd0e3685d6d83ea105c7afa359ed1cde2fc1d6f38404a11dc4cf7887695d3bb20a94e061dc1f9130d23cb20cc463cfd0e2645e252d29d3b1d8dbd859bcff3c07
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPt:SCqm2Jpr0nNM7Dus7Nx2kCqt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3916-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0004000000022a75-5.dat	upx
behavioral2/memory/3916-1235-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrvi.rll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.ELM	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jdwp.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.LEX.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\mfc140u.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\SETUP.CHM	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\OpenGrant.pptm	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\EXPEDITN.INF.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.AdomdClient.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSORES.DLL	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\adal.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.exe	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms	f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f592830eb476cd5b5ed816c2282b6d2c_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.0MB

MD5
6dd2d5b5099f16500ce8c854aae45cf5

SHA1
ae02e78fadc3b70da6563af636af99fbec86fd42

SHA256
317e0e88951a094ab6007d1e4836eb23cd5905076d9a4c2d691e295b4ef2f2da

SHA512
a2f06e694cb21611c26b4f72979aab4b353aeec2edc54b20fe5ab82e45f8b15fb519f0c8e4ff2f3084bb37d08529807db1755cdcc6d568c3a1b998121de09fa7

Download Submit
memory/3916-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3916-1235-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads