Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
21/04/2024, 19:00
Behavioral task
behavioral1
Sample
fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe
-
Size
1.8MB
-
MD5
fff3be03cb06c548a62771964cf653ca
-
SHA1
454ac10d3f3d0a56f5b00fe3658cd5105f2e832c
-
SHA256
d457a82051471914cb8222ca8e5c473c8d6e5c6d1a2608b283febf0d345417e4
-
SHA512
471fbb50da15c61b56067d2d892b8500f9c7f1e4118e6df19f99bf7307dce1a0955b955242fbc0efce5d20ed3b594e5f1029bc4338cc7fc86ed76a396facd882
-
SSDEEP
24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqN:SCqm2Jpr0nNM7Dus7Nxo
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/2212-0-0x0000000000400000-0x00000000005BA000-memory.dmp upx behavioral2/files/0x0001000000022aa6-5.dat upx behavioral2/memory/2212-6039-0x0000000000400000-0x00000000005BA000-memory.dmp upx behavioral2/memory/2212-14117-0x0000000000400000-0x00000000005BA000-memory.dmp upx -
Drops desktop.ini file(s) 2 IoCs
description ioc Process File created C:\Program Files\desktop.ini fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-400.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200.png fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\THMBNAIL.PNG fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailMediumTile.scale-125.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_fr-CA.json.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymb.ttf fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Common Files\System\ado\msado27.tlb fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-400.png fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Shared.v11.1.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Google.scale-100.png fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Glasses.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch-Dark.scale-150.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-24_altform-unplated.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\msapp-error.html.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-100.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-lightunplated.png fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeWideTile.scale-400.png fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-100.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1851_32x32x32.png fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\af-ZA\View3d\3DViewerProductDescription-universal.xml.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymxl.ttf.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\DocumentRepository.ico.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\FFmpegInterop.dll.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.exe fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\PREVIEW.GIF fff3be03cb06c548a62771964cf653ca_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.8MB
MD5b96e6b7fde3358f5c6f4c51da98dac17
SHA16e1696c8183ecdabedc5447d6cc5254fd5a57dba
SHA256d464015436ed7d5e6c241095773a133eb2574d09d78ff613a63ecbdf219be716
SHA512ef41075d532e30b4446b7dda627dd8153b5151edf065ba21ba1cebc09c2d39056988855084c5fa82d9bb546f476db3c325a1db8ab5b6d07db4476fc9db749e8e