4f901cea56c547bccfbbde90f7ab969e056f9dd859def77d9fb9eeb24b3d2186

Analysis

max time kernel
145s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
Size

347KB
MD5

f7c06dce2a4727db781bd2c0b1d94c0d
SHA1

c15747edcd3c60b1a44c2277437338141d387780
SHA256

4f901cea56c547bccfbbde90f7ab969e056f9dd859def77d9fb9eeb24b3d2186
SHA512

54b3004277016ca079cecec9258772f1cf245c8dbf2f75d826b4307055b9a4455b709483ab2e20294f801ad3e871101c6726f8be492ca1189676dfb1093120b9
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMD:JXEkqeolrix1c60yo

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1826666146-2574340311-1877551059-1000\desktop.ini	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-1826666146-2574340311-1877551059-1000\desktop.ini	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdaps.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\en-US\wab32res.dll.mui	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\fontmanager.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClient.resources.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll	f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1296	4672	WerFault.exe	81

C:\Users\Admin\AppData\Local\Temp\f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7c06dce2a4727db781bd2c0b1d94c0d_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 768
  2⤵
  - Program crash
  PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4672 -ip 4672
1⤵
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
2.1MB

MD5
ecb1b48648252fb4d1d2ca8c8e370269

SHA1
2315f9093091eb317d09b439be0a6337358bc544

SHA256
827954c3ce9b117d05bd7fa7483f4e249f78c24ea5b51f3d998c33ccaa3a23f2

SHA512
c17d30c0b7754a6016a97f3b5b5fef7af1f4665df3fb29bcd9a87643fbc79c1945872997d129e0b159dbd944f4f89216587b7130dc9787f73188cc8ba902789d

Download Submit
C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4672-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4672-1690-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4672-2441-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads