2cdc90b0b8131935cd324b3ebb3e7b2da4c704199436a8c91673780726f16f7b

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
Size

25KB
MD5

f5f0801b6c9708d595f15d25a2c322a0
SHA1

6c21a619929e24ed4ceef7bd693c1e808adb7c63
SHA256

2cdc90b0b8131935cd324b3ebb3e7b2da4c704199436a8c91673780726f16f7b
SHA512

a16aa324da067d860a21c6defc51ee5990d276307f24fbf588373a6421fff1a6200df32dc048c1fa1009c54160e6a7f896a9848821b58c5eb8da17ad2e1f1d95
SSDEEP

768:HiaRDu9EEet5i2u0RLPwAFleSysz4XUVIgZ4iT:HZRDoLeSuVeS748Igmi

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ARP.EXE	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Dism.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ntprint.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\EhStorAuthn.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\eventcreate.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\tasklist.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ipconfig.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\taskmgr.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\diskraid.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\icardagt.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\psr.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\sdchange.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WPDShextAutoplay.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\comp.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DWWIN.EXE	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Magnify.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\makecab.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\runas.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wlanext.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\cmstp.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ctfmon.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\expand.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\instnm.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RmClient.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\timeout.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\certreq.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DeviceProperties.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\NETSTAT.EXE	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Robocopy.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\TapiUnattend.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\fc.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\iscsicpl.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\replace.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\convert.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MuiUnattend.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\netiougc.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\rundll32.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\sethc.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\vssadmin.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wuapp.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dxdiag.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\odbcconf.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\regini.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ROUTE.EXE	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\setupugc.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\HOSTNAME.EXE	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\w32tm.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\colorcpl.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\eudcedit.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mfpmp.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\upnpcont.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\xwizard.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\certutil.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ndadmin.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\netsh.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Sidebar\sidebar.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\WMPDMC.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpenc.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\explorer.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\fveupdate.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
File opened for modification	C:\Windows\hh.exe	f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5f0801b6c9708d595f15d25a2c322a0_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2380

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads