08e78d133f6940936eb07a814e081b2574b80aeedab505adb44fbae56f60d203

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
Size

190KB
MD5

409e9756d390cb70cf307696c3e853a9
SHA1

17455caaa2a3b28a54a2a2bd08ce02090bc561c1
SHA256

08e78d133f6940936eb07a814e081b2574b80aeedab505adb44fbae56f60d203
SHA512

cee8533f452efd33ec4ed070503def4663e34d0793f9b22ef7056170260959f63c8e1c3b3522a19b45061b50857c0b0169cab3afbe8d76089c0e90499beaa255
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhfzKRIZ48MhZSIC38vOWSmBXdWM2M:JmCAIuZAIuDMVtM/KlOW3WM2M

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2748-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000122bb-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2748-518-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe

C:\Users\Admin\AppData\Local\Temp\409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe
"C:\Users\Admin\AppData\Local\Temp\409e9756d390cb70cf307696c3e853a9.jaffacakes118.exe"
1⤵
- Drops file in Program Files directory
PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
190KB

MD5
4527510c1a3071615c7212629dc76029

SHA1
b80c96897b1bd64cb2dd790863714e2f91882d31

SHA256
dd78900d8fcc494270b285da46eecd0ad58318eb8a29bbb8dfc2eecde490d7c1

SHA512
947add7c5087c9aac2443d73490432c5021889b72d0485af691a4b132a2f999c3c901954ee03db4d5619c9629704959a6c06e50c5a66c05513edec4430a2e968

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
199KB

MD5
b5de3717023786adf5e3de05de1e482a

SHA1
402d54691edbbef161173d01c8c492da90b354b2

SHA256
922c6773fafc001e32ae9fab270fe1c89d61e18f9e0e0b59d131d4cca8045ca1

SHA512
f16e562da1cee29adb59f00846498f6257278dde0935dd0acf8fdef291f00706627d044ae9744eb1adbdf180f529a97b49422952247b95dd4d576f70b05437f2

Download Submit
memory/2748-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2748-518-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads