e0a4e71868a3f13bd9e2d5575430e8605572544eed659a792dc4255b83edc4ab

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 01:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
Size

1.8MB
MD5

fe1997d4be628768c214c9e7818b8ce6
SHA1

83ad21dbaa429f47a5e479253f8a3af42a97ffd3
SHA256

e0a4e71868a3f13bd9e2d5575430e8605572544eed659a792dc4255b83edc4ab
SHA512

751b8f5b1f23b7f9d0ece6f9737936af4f71ea8238476591ba41c42d03fec86cc162bc35ef2c24be41de96dab7b33529b1818aa516c74a625be0cabc5e178d0a
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHQ:SCqm2Jpr0nNM7Dus7Nx2w

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002a000000015d4c-5.dat	upx
behavioral1/memory/3028-2160-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/3028-9183-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\desktop.ini	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.exe	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui	fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe1997d4be628768c214c9e7818b8ce6_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
3d6e4a4a9906f4c14fdc81969b5c942e

SHA1
c169633c81f8a3c2f9e845570c0432ea443f61f0

SHA256
328290074c480b32bb8f6d279891b48ce956af653b5e765e61ac046b3f8e0be1

SHA512
bea880bf379982f6f45bc20f0578a5d681e5f6d9e7493adc51747d98c270a9eac7081b95ba3f543d8191cf49df0dfadd2efee942a31f25d6d5b66ec16afc238f

Download Submit
memory/3028-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3028-2160-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3028-9183-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads