fd770aea5686d9c4defeee8b61c5a40ef708717e67f17ee8d6d76558acceaa44

Analysis

max time kernel
124s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
Size

387KB
MD5

ff9f78c37bfa63faf0c76bd06ea0c465
SHA1

bb34feb046b9606626ec8a4f4b1e28ad21f86a8d
SHA256

fd770aea5686d9c4defeee8b61c5a40ef708717e67f17ee8d6d76558acceaa44
SHA512

9a281a9495e3fd46659e968fb47d434cf849b934fea3b2a83a709188a5ccc04a2f84a254a73736a0f327e598af419ef30d6ca24854369f8a833a560f0ab5cd67
SSDEEP

6144:9ijinB2nS1zOl96C+01u8VvsisxDynP+X1tusCT0ji+mhV9+1eyEl0SSOZBH6bz:9U+1zp01ECPS1tuLT02+k+1eyE0g6bz

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1132431369-515282257-1998160155-1000\desktop.ini	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1132431369-515282257-1998160155-1000\desktop.ini	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\xjc.exe	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\management.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\javafx\glib.md	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\jdk\icu.md	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\lib\jconsole.jar	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado15.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javaw.exe	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\iexplore.exe	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\ImportEnable.midi	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\ExpandNew.mpg	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\pack200.exe	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll	ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5112	3464	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff9f78c37bfa63faf0c76bd06ea0c465_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 816
  2⤵
  - Program crash
  PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3464 -ip 3464
1⤵
PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
2.1MB

MD5
bf2717a7b4a5f6540e5e606e98d517bb

SHA1
3a45bd208f6e80b190f7b41c82c51e3629cdb9fc

SHA256
067d7a1a84ec578f8d1ea71247bdc98ffb51960bd05dee397ecc18e2b4e45438

SHA512
7bd065507a77000589a142f99230f5c261f72f98bcfdabed0e47310d6720936460361f3fa58cd878b4f6964f011dd56cc7fbc2f8002ec22bf4258c53e1d8b532

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/3464-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3464-2395-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads