9bb5183bfbea38bda2fb6783884fff19eb979e99efc37c864e4ed11554a55b4b

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/05/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
Size

13.8MB
MD5

0c2e628122e0bd52bede4dcc1742afc4
SHA1

05aa152d739a54f660513452c155169b4dbcfb56
SHA256

9bb5183bfbea38bda2fb6783884fff19eb979e99efc37c864e4ed11554a55b4b
SHA512

58df8bb4f427fcad21f3936b3277445c41036d7ebbbfe7b889321e74df73a823412e72fa0231dab265a180b63f995936fc7735043f93110f0c09ebaa49a6c748
SSDEEP

393216:VvDllG+Y2jQfD5IR7vDllG+Y2jQfD5IRSU:VvDlli28OJvDlli28OIU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\compact.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regedit.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ctfmon.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rekeywiz.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wermgr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskperf.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dnscacheugc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\net1.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\printui.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmstp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DisplaySwitch.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rasautou.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\verclsid.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sort.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wininit.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\notepad.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Robocopy.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setupugc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\calc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mobsync.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xcopy.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\attrib.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\comp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\osk.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\reg.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TapiUnattend.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrshost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\MigSetup.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\runonce.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrs.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\relog.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\waitfor.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wecutil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDADM.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\timeout.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bitsadmin.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dvdplay.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\IMEPADSV.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\prevhost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msdt.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Utilman.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\findstr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SetIEInstalledDate.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WMIC.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ehome\ehvid.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.1.7600.16385_none_934d08d31b96d4ee\sdchange.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-secedit_31bf3856ad364e35_6.1.7600.16385_none_0adc1fc1cb6f944b\SecEdit.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.1.7600.16385_none_963d3becc3a475f1\raserver.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_bb95e7e51189d8f9\netsh.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_ieexec_b03f5f7f11d50a3a_6.1.7600.16385_none_53678ee8c3f93f6b\IEExec.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728\printui.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_addinutil_b77a5c561934e089_6.1.7601.17514_none_1a816bc7556b71eb\AddInUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_6.1.7600.16385_none_3e69140a61f1eff5\hdwwiz.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-networkprojection_31bf3856ad364e35_6.1.7600.16385_none_3fbc74d90a6e33f8\NetProj.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7600.16385_none_48fe0cfd559f80ad\w32tm.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\servicing\TrustedInstaller.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.1.7600.16385_none_d9bb586ff6564bbc\dvdupgrd.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.16428_none_a56da9e617d4f97e\ieetwcollector.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-findstr_31bf3856ad364e35_6.1.7601.17514_none_855590d1705431c5\findstr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\ehome\ehsched.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.1.7600.16385_none_c405852b31194b0b\certreq.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sbunattend.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_bfe4d387913dbb8f\ComSvcConfig.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_6.1.7601.17514_none_8375605f8afb0c19\wmlaunch.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\ehome\loadmxf.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_6.1.7600.16385_none_8945930a7d61b9f0\MigRegDB.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_752e3bb068638683\msfeedssync.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_a0a25363eee12f40\colorcpl.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.2.9600.16428_none_dea50217efd0356b\msfeedssync.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.7600.16385_none_db2b15bfcf64f104\iexpress.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.1.7600.16385_none_81d82fe9c216eb89\pcaui.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.1.7600.16385_none_a6c7190f7292676c\scrcons.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\perfmon.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_975df0a6f5a54628\gpupdate.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_6.1.7600.16385_none_a9b5c1d91f03e0b4\RelPost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\poqexec.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\TabTip.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_ddef5417d55eb944\aspnet_regbrowsers.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.1.7600.16385_none_459ccaf008ff34f6\mtstocom.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.16428_none_caf2ec2ca6b08f27\ieinstal.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_ac02530437b71a3f\mstsc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..cquisition-wiawow64_31bf3856ad364e35_6.1.7600.16385_none_2874ea220a5507fd\wiawow64.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\hh.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\xlog.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\Solitaire.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicepackcoordinator_31bf3856ad364e35_6.1.7601.17514_none_92e727843e307e1b\spreview.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_datasvcutil_b77a5c561934e089_6.1.7601.17514_none_cfdc452bbab5ec47\DataSvcUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deployment_31bf3856ad364e35_6.1.7600.16385_none_57e3e87206ff08ca\setupugc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_c79aef32ab85d92b\cmdl32.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Filesize
13.9MB

MD5
4c33b78c64277fe6d5a43b22f4fa6979

SHA1
e56abaa5cbfcebbb39d42aece68850d14466e4b5

SHA256
60ea2a147115b699129d03ddc9016be83894240fc9d91eb17fc44f2229f0f92f

SHA512
c555d45d86ad1cc933f9e2a0d6ef3a7afbbcee5baf237a32c602d9abc8dbd86328bd906fc7b84c97563de924f6d63d7e9b9d7a411ad2e45d5e5beda348f3a7a9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads