9bb5183bfbea38bda2fb6783884fff19eb979e99efc37c864e4ed11554a55b4b

Analysis

max time kernel
157s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
Size

13.8MB
MD5

0c2e628122e0bd52bede4dcc1742afc4
SHA1

05aa152d739a54f660513452c155169b4dbcfb56
SHA256

9bb5183bfbea38bda2fb6783884fff19eb979e99efc37c864e4ed11554a55b4b
SHA512

58df8bb4f427fcad21f3936b3277445c41036d7ebbbfe7b889321e74df73a823412e72fa0231dab265a180b63f995936fc7735043f93110f0c09ebaa49a6c748
SSDEEP

393216:VvDllG+Y2jQfD5IR7vDllG+Y2jQfD5IRSU:VvDlli28OJvDlli28OIU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\subst.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\UserAccountBroker.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rrinstaller.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dcomcnfg.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rasautou.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sdbinst.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bitsadmin.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\typeperf.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\calc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xwizard.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\OposHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dtdump.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\recover.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\secinit.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tzutil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\CloudNotifications.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\control.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\extrac32.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\gpupdate.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ieUnatt.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mmgaserver.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\CameraSettingsUIHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\shutdown.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\unregmp2.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RmClient.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ThumbnailExtractionHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\findstr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicli.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\printui.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\svchost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Taskmgr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskperf.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wscript.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wecutil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskpart.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\write.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\GamePanel.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\resmon.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemUWPLauncher.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\notepad.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\odbcconf.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\runas.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\verclsid.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xcopy.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icacls.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MRINFO.EXE	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msdt.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\isoburn.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TpmTool.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe

Drops file in Windows directory 63 IoCs

description	ioc	Process
File created	C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_10.0.19041.1_none_c9157ddc38b83b1b\aspnet_regsql.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\winhlp32.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\splwow64.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_10.0.19041.1_none_9202844cd514ab44\aspnet_compiler.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_addinprocess_b77a5c561934e089_4.0.15805.0_none_74baba51266f3010\AddInProcess.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_addinutil_b77a5c561934e089_4.0.15805.0_none_fcd173bc1b434b81\AddInUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_comsvcconfig_b03f5f7f11d50a3a_4.0.15805.0_none_468e01fabfc37212\ComSvcConfig.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\HelpPane.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_646d7347043be71c\aspnet_regbrowsers.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\hh.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44\FlashUtil_ActiveX.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\explorer.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\servicing\TrustedInstaller.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dfsvc_b03f5f7f11d50a3a_4.0.15805.0_none_c0d2d1227427864f\dfsvc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2358a116979cc599\FlashUtil_ActiveX.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_10.0.19041.1_none_e51212a36c631d23\CasPol.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\Boot\PCAT\memtest.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\sysmon.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\Speech\Common\sapisvr.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.15805.0_none_faee98a3c711fae7\AddInProcess32.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_0c1f19c50b5e5f6e\tar.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_c6dc1994db088235\CasPol.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\bfsvc.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_10.0.19041.1_none_3700bdc08c446a5c\AddInProcess32.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_73cc8b3e43ba1056\aspnet_compiler.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_aadf84cda75da02d\aspnet_regsql.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.19041.1_none_345cbd92bc885eba\curl.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.19041.1_none_82a36c559596820a\aspnet_regbrowsers.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_datasvcutil_b77a5c561934e089_4.0.15805.0_none_5b1ada239e3b0505\DataSvcUtil.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\notepad.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe	0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c2e628122e0bd52bede4dcc1742afc4_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:3400

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads