266b2bf06f0b258aa514d790d56072acd177e9366d2e8fad13b1f2e295ea35f3

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
Size

11.6MB
MD5

02cadb55ebacd156e890be208c397800
SHA1

1835eb9bbc68c8cfb34c0968cf5f46a918ea3a75
SHA256

266b2bf06f0b258aa514d790d56072acd177e9366d2e8fad13b1f2e295ea35f3
SHA512

51ed20c9ed5fc35f5ac12786ea7ffbe4caa732efcf5e2b9745391561eebc032d97d215f49478d0b29e63bda5aab52d8a9acd185726a6037d4b6c26faa08f6122
SSDEEP

196608:VvDllG+jb2V2eBL3/TEXzeR3/TEXzR/Qh:VvDllG+Y2eBr/qa9/qFQh

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\credwiz.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ddodiag.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regedt32.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sdchange.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lodctr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PkgMgr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rasphone.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SndVol.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicli.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\newdev.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\takeown.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wecutil.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wiaacmgr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\efsui.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fontview.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Robocopy.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TSTheme.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WerFault.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\choice.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\CredentialUIBroker.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PickerHost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\recover.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\waitfor.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xwizard.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cacls.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\expand.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\netiougc.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexpress.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ndadmin.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PATHPING.EXE	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\relog.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\verifiergui.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wextract.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wlanext.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\GameBarPresenceWriter.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msra.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\OneDriveSetup.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tar.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autochk.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cliconfg.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfhost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rekeywiz.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\schtasks.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WWAHost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ttdinject.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\where.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autofmt.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_49716c2392052aca\relog.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.19041.1_none_8a292178f857b8d8\SystemPropertiesDataExecutionPrevention.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-guestcomputeservice_31bf3856ad364e35_10.0.19041.1202_none_024525bdc81df50d\VmComputeAgent.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..onment-core-tcbboot_31bf3856ad364e35_10.0.19041.1288_none_75442af2fe19577c\f\tcblaunch.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-omadmclient_31bf3856ad364e35_10.0.19041.1151_none_c86feb6936a97173\f\omadmclient.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.19041.1266_none_69f1a169b4d96a7c\r\pcwrun.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\regedt32.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpf-presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_bb8aa452b18b9835\PresentationFontCache.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.19041.1_none_f4a6d735c6ae17c3\GamePanel.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.746_none_c291aefd01a5d6d6\r\EoAExperiences.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.19041.1_none_075470a68fcfb411\umount.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_c5675ea732c2eaa0\r\LockApp.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-tools-ksetup_31bf3856ad364e35_10.0.19041.1_none_d25dd411ed85e6ba\ksetup.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.19041.1023_none_2cd9cc4237e09b91\PickerHost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-systray_31bf3856ad364e35_10.0.19041.1_none_b39734a8c9c85bd3\systray.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.1202_none_cc0c3d35675da3a1\appidpolicyconverter.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.19041.1_none_04a9c5158a354e7a\fontview.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..deploymentmgrclient_31bf3856ad364e35_10.0.19041.1202_none_c26e06f4b82585b5\dmclient.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.19041.1151_none_b46b739f71bbb8b7\r\bash.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.19041.1_none_5106d54a804dbfc3\tpmvscmgr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.19041.1288_none_3f2d1be96237886e\f\WSManHTTPConfig.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\AppVStreamingUX.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..riseclientsync-host_31bf3856ad364e35_10.0.19041.1202_none_42d3a7d52bcb0f8d\WorkFolders.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.19041.1_none_dd2098e5f9122dff\findstr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.19041.746_none_a89196e695076787\InputSwitchToastHandler.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.964_none_dddeea757b7fbba7\f\ssh-keyscan.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.19041.1_none_b6ba7fd85b54c477\efsui.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-capturepicker.appxmain_31bf3856ad364e35_10.0.19041.423_none_12ca604b48f8d3fb\r\CapturePicker.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_serviceinitiatedhealing-client_31bf3856ad364e35_10.0.19041.1288_none_91a5fb477b6af5a0\r\SIHClient.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-choice_31bf3856ad364e35_10.0.19041.1_none_7957f8902b2072a6\choice.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-coredpussvr_31bf3856ad364e35_10.0.19041.746_none_7946fb11bf19dc87\f\coredpussvr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_10.0.19041.746_none_251e769058968366\f\Dxpserver.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..ing-platform-client_31bf3856ad364e35_10.0.19041.1_none_bf56a5e7532d9c79\licensingdiag.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1266_none_cfec8db821d83671\winload.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smartscreen_31bf3856ad364e35_10.0.19041.1052_none_323c9a9ad543e3a3\smartscreen.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_installutil_b03f5f7f11d50a3a_10.0.19041.1_none_3c6036d4b220f210\InstallUtil.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-diskraid_31bf3856ad364e35_10.0.19041.1_none_1b7ab1943757b81e\diskraid.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.19041.1237_none_a6ef3a2e62766c5c\f\Setup.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1266_none_ee614da092435ac4\rasphone.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\f\hvsimgr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1266_none_14b8c34dbc1df417\r\runexehelper.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..tnet-mua-hostserver_31bf3856ad364e35_10.0.19041.1_none_86e0e6ce46c9ed74\WinRTNetMUAHostServer.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.1_none_cb8306be5498a914\imjpuexc.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.546_none_f8b0afde1e951639\r\WmiPrvSE.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\AppVDllSurrogate.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_10.0.19041.746_none_11e04cec24452336\dwm.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.19041.1_none_a0a8212dcec26473\refsutil.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp_31bf3856ad364e35_10.0.19041.1266_none_8f272afdd624490f\f\sppsvc.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\r\InputApp\TextInputHost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wusa_31bf3856ad364e35_10.0.19041.1151_none_21d0a68ccdc67be8\r\wusa.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..rarydialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_abd26b7610cb738e\r\AddSuggestedFoldersToLibraryDialog.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\cleanmgr.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.19041.1288_none_d616f4b76bd7b8a2\r\ApplyTrustOffline.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.19041.546_none_12e3d70535675c5f\dllhost.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tx-dxgiadaptercache_31bf3856ad364e35_10.0.19041.84_none_9f3e49455f52d8f7\f\dxgiadaptercache.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dusm_31bf3856ad364e35_10.0.19041.1_none_625cda72b86ccf7e\dusmtask.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1081_none_e3f87355251e8c43\f\notepad.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..onwakesettingflyout_31bf3856ad364e35_10.0.19041.746_none_8a469514405342ff\r\PasswordOnWakeSettingFlyout.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_multipoint-wmssessionagent_31bf3856ad364e35_10.0.19041.746_none_7f157730d01dcdae\f\WmsSessionAgent.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_comsvcconfig_b03f5f7f11d50a3a_4.0.15805.0_none_468e01fabfc37212\ComSvcConfig.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSrv.exe	02cadb55ebacd156e890be208c397800_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\02cadb55ebacd156e890be208c397800_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02cadb55ebacd156e890be208c397800_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\WinSxS\amd64_windows-defender-nis-service_31bf3856ad364e35_10.0.19041.1_none_d3e3ad84b24cfdfe\NisSrv.exe

Filesize
14.4MB

MD5
51ef3724c2b715ce1ea0e5000f39d0e5

SHA1
09700f6a5b3dee616215b8d8a43a65791a41829b

SHA256
661fda6c6421837d17e4763208e3ba0faa4204c03f43c1634fe75d6b4a630e07

SHA512
43228f77230ec42becb3ead27808c5fe5aba468fdc19cc62ab01ab045ef3dfba06c20b80d3bdcc41169280c0a31153ccd9e2fbb4794ab681efb539af9d2dcd99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads