a12dc89f49dd7519b83e4dd9d6e618061aaba37b839004a6a8dbc4a0517037cc

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
Size

1.8MB
MD5

fdab4a05a779395988d78e9853c76b16
SHA1

9c224ce90c0c1965a07e78b83333a5092c630851
SHA256

a12dc89f49dd7519b83e4dd9d6e618061aaba37b839004a6a8dbc4a0517037cc
SHA512

7872e128d4e7f39b8fa342fb237458ee311fc3b539fb90e989238554dedc143a4632e9bf431bf390a1fb7f0c5b176b61acdfce445a57d3409e0528c0b1290cb7
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqP:SCqm2Jpr0nNM7Dus7NxK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3956-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022aa2-5.dat	upx
behavioral2/memory/3956-4423-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3956-11217-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Maps.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\PREVIEW.GIF	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200_contrast-black.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\j2gss.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_OwlEye.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_DogEar.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SliderHandle.xbf	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16_altform-unplated_contrast-white.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-100.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200_contrast-black.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookWideTile.scale-200.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso98win32client.dll.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-200.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-200.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-400_contrast-black.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-200.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-36_altform-lightunplated.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\TEMPSITC.TTF	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-32_contrast-white.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEXBE.DLL	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.winmd	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-400.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_contrast-black.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-32_contrast-black.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\TellMePowerPoint.nrr	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-100.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-20_contrast-black.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vcruntime140_1_app.dll	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-unplated_contrast-white.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Studio.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\TriPeaks.Medium.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-125.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactNative\Tracing\LoggingActivityBuilderExtensions.tt.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-400_contrast-black.png	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\MoveStep.vsw.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-256_altform-lightunplated.png.exe	fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdab4a05a779395988d78e9853c76b16_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
86edd2c36eb72bade00439c57e0a2698

SHA1
54653b8b866e824358beadc972f52ef4e3c572cb

SHA256
ee76fd63103c31162ef5c46d57409468f1bf4b84a7d4d495acf7df17e6a530eb

SHA512
93dba447eac1e3590cf4bed17ab47bbeb90a857e112ac6c4ac0d757e660e71ca5ff7effe47b64eada797b81a9daf8c84a41627e37ae194d44b6cd848cdb0fbc0

Download Submit
memory/3956-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3956-4423-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3956-11217-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads