f2eebce0eeff61d20f88f3a41d52138cd895fb5ba9c09f259563ac7bcd54766c

Analysis

max time kernel
161s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
Size

1.8MB
MD5

fea6a00e6c8e0bfca63cfbfed8ed59b9
SHA1

111675a2e5daa4bddd7ab19d4caafd3423de0746
SHA256

f2eebce0eeff61d20f88f3a41d52138cd895fb5ba9c09f259563ac7bcd54766c
SHA512

a444f411f25832afd7f726f94f6341c390b1a0d32ff5698e0713279b2ca185575af625c782a8caf213c7129cf0fb20e911b7d25068313a4150ae4e7234ec325e
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqo:SCqm2Jpr0nNM7Dus7NxF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4276-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228b1-5.dat	upx
behavioral2/memory/4276-267-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.exe	fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fea6a00e6c8e0bfca63cfbfed8ed59b9_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
df7becc484e3cb08fc4442c6584cbe1d

SHA1
b940a54bdef5a4b6235a614c959133a74d263320

SHA256
801c5579ba642d9443a95f5c48450dc2adf2f4239870b9599e1daeb3c271a291

SHA512
98c20775168ffcd68395de536d5a1212c2d5fa7a5c72c2fdc9a0c9a0a8b7fdd8498d68d4ef9cabca9fc2316fd784f04cb5c12be1ae116b5959fb837baa689ee9

Download Submit
memory/4276-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4276-267-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads