c70885c2fe34d5fb9194d06641e535031be25c4f724c25d96c32eafd9cdc09f7

Analysis

max time kernel
65s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 13:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
Size

1.8MB
MD5

f81e4d5011616c5d8bfa658840350ba5
SHA1

5bec171a14b741fa8d944c4715050b8fb04a5f3a
SHA256

c70885c2fe34d5fb9194d06641e535031be25c4f724c25d96c32eafd9cdc09f7
SHA512

4e5d908a2bfaa3c4e7ba4865903362bb435f5fcaca6e36b396a79138f41ae98e47a0c9a8e307fc4e4030c44feccae7e34a99d5f8ea7d55329ac051bab7be98d5
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHu:SCqm2Jpr0nNM7Dus7Nx2O

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3868-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022ab1-5.dat	upx
behavioral2/memory/3868-6645-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3868-14139-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSUPLD.DLL	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-colorize.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-400_contrast-black.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-unplated_contrast-black.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinOnboardingCommands.xml	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-48.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-140.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-20_altform-unplated.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-80_altform-unplated.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MicrosoftLogo.scale-200.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\MSFT_PackageManagementSource.strings.psd1	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-24_altform-lightunplated.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-72_altform-unplated_contrast-black.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-125_contrast-black.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100_contrast-white.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\XboxResourceDictionary.xaml.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-96_altform-unplated_contrast-white.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\TellMeOneNote.nrr	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\main.js	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-96.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-400.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_scale-200.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\onenote_whatsnew.xml.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-80_altform-unplated_contrast-white.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\TextEntityExtractorProxy.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockSmallTile.contrast-white_scale-100.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\VBE6EXT.OLB	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256_altform-unplated_contrast-black.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Principal.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\JumpListNewNote.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\AppxManifest.xml.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-125.png.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\DEEPBLUE.ELM.exe	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll	f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f81e4d5011616c5d8bfa658840350ba5_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
abb279a1a40376ec8ba7df5dfa1192c9

SHA1
baee77c830b9f251c089ddcac6d5fb6dab25f989

SHA256
172dbd5651679e77f64384a6a7285b509f532a9180eaa984f4e3ae661960b765

SHA512
cb9574486462ce339ba56536810beb739e21ad8c0758bda8de836aa4cd6ff6fcb7d5f0c494ab83f50fbeca6ff0848ba6039a0cc2d2c5c3b63b06137c99fb067a

Download Submit
memory/3868-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3868-6645-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3868-14139-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads