c8a7b0efbb83a3c3464d4554815a14d25b1a89c22c12d5dd901f26fd42fd235c

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 11:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
Size

1.8MB
MD5

fca65f40e4c9aa9824dd6f8736a7abc1
SHA1

33f33bb4872de136cc29fb3a702637534cb23fd8
SHA256

c8a7b0efbb83a3c3464d4554815a14d25b1a89c22c12d5dd901f26fd42fd235c
SHA512

5b5de82cadaa379062d8b566e00d04b7bbcf9904a31bc9b70371d09aa84f74dadd204ab56e865982fb39ca9b1d366f6ff10edf58d3c76b0b23edec64196c3397
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqO:SCqm2Jpr0nNM7Dus7Nx7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4640-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022aa2-5.dat	upx
behavioral2/memory/4640-5231-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4640-13937-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vcruntime140_1_app.dll.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-400.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Spotlight_NFL.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125_contrast-white.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxWideTile.scale-150.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\foreca.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-150_contrast-white.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_Flight_Light.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.INF.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\VideoPreview.xbf.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SmallTile.scale-100_contrast-white.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-white.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-100.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\Microsoft.PackageManagement.resources.dll.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-400.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\es-ES.PhoneNumber.model	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-64_altform-unplated.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-150_contrast-white.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-100.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200_contrast-black.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\SpeedSelectionSlider.xbf	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-200.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-black_scale-125.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-96_altform-lightunplated.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Fonts\CortanaMDL2Assets.ttf	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-36_altform-lightunplated.png	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\WideTile.scale-100.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.INF	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Dark.scale-200.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCache.scale-125.png.exe	fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fca65f40e4c9aa9824dd6f8736a7abc1_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
5512db04b3349965e3057fefc1eb44bd

SHA1
e6035834d828da6dff7992f174a768fb5246a28b

SHA256
748365fd1589fbd14d8b406e18316f048b0e58bf8864f976249d569be6f6367d

SHA512
f595589aae312b5bc083707319f8b2d658830e8310c961a1d6e3d989585d4c78360c1d0d5c8f247cb454b9f0e14847288c4bc6b31f91a7ccb2f995a59454bce9

Download Submit
memory/4640-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4640-5231-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4640-13937-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads