332dcf23db461e7a433e2193a69cdf13814c406484a723aa692eeb7e6feed293

Analysis

max time kernel
45s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
Size

1.8MB
MD5

f71be1e0f7ded236c78a4765493ffb9b
SHA1

db7db47a9ccc78ad87d8b781fe2ebb86564b37fd
SHA256

332dcf23db461e7a433e2193a69cdf13814c406484a723aa692eeb7e6feed293
SHA512

0256f2e6eda83115fbeb1bf48002e937a4899ada24872ec9ee5386de50231f1bbddc0a2206a618df27046448f9712bd5a495bef3ac3a675cfd73f577e430e5b5
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqyO:SCqm2Jpr0nNM7Dus7NxC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4580-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228b1-5.dat	upx
behavioral2/memory/4580-1020-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.exe	f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f71be1e0f7ded236c78a4765493ffb9b_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
d01a860dc37831b94db429d3d40e4e55

SHA1
3ad28c54645a4fd417cd8fdbb184e4f42ba47ca7

SHA256
ad51020a6d877b7df6eb7541187bf586f951a1e458553855dda4a2484af07bda

SHA512
3b42d20e8d9ec8c38fec06f8c8caf8eb81a3c02aaa35f6e1bbe1c1930e2d107d954d0c7559a557ee9faf1dca5163f43e3d0d5a33e922f1a23efcbc3411562d74

Download Submit
memory/4580-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4580-1020-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads