9396920787de72a4a6fc5a87c0decafeb5aec45766a1b0b20a15f50dfcf5675e

Analysis

max time kernel
147s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
Size

1.8MB
MD5

f978fad57f5f65c32202a5034482f833
SHA1

ae03de9c03bd1679c0565eb93293fad68a0765a5
SHA256

9396920787de72a4a6fc5a87c0decafeb5aec45766a1b0b20a15f50dfcf5675e
SHA512

55a49b3157a500ff6c10477a3efdc3942ef129c2fdce165b096277218584deb21d25fd604ed4cb2dd998d04b19f118660e98c3eead123e4674d6e08f576a8c9e
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqA:SCqm2Jpr0nNM7Dus7Nxt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2312-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0009000000016d12-5.dat	upx
behavioral1/memory/2312-647-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\DisableResolve.eps	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.exe	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar	f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f978fad57f5f65c32202a5034482f833_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
4cf97a0cd219be7ca10defc504763d00

SHA1
3c40df9da425b0b3dea2f25f2ddd5ac265ade82d

SHA256
8e95b168b4ff3e49fe2e2290769433c3a23f3c7dbc45739cd4735a76c2d71205

SHA512
7e7c44b7de8f16b148604d8d5d6007fa330fd40b89982123f818f55f320ed2a6087c39963d27f7890a012df819264ced6b3739bae5449973aecebdc08d9e4013

Download Submit
memory/2312-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2312-647-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads