cbf9f89f26c6ddb1669d1909e771588b1683b8169fccbc5b6e77c538bb8ae5d1

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
Size

103KB
MD5

54364ec3491ca86f85d8a4063a2c8756
SHA1

079093cd6d2e42673991c5bb901d6269bd2e418c
SHA256

cbf9f89f26c6ddb1669d1909e771588b1683b8169fccbc5b6e77c538bb8ae5d1
SHA512

ed94daf0ee5b17de6e801fb1695b95769d7408a363be7cf03810639a9ffd313e5aa767da3e52962f512e78c272ab7b252bd0fcba7b4244aeeaabb6329af155e7
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfw:hfAIuZAIuYSMjoqtMHfhfw

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001342e-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/1620-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe

C:\Users\Admin\AppData\Local\Temp\54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe
"C:\Users\Admin\AppData\Local\Temp\54364ec3491ca86f85d8a4063a2c8756.jaffacakes118.exe"
1⤵
- Drops file in Program Files directory
PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
103KB

MD5
798b58c10a8bc82f8a80a679f624fa12

SHA1
4215015f047f281ba96eb2488b54637150ecc9f6

SHA256
a5b8324a54ccffb330ce6305b5fb7369b4604427150678a2714cd546d3209e79

SHA512
7776bfbb2edafe4d5d8f83d2994710abf291e81d3401ccdd7c7d047317792a9b405677a384ae0b2a042752885f7314346c0a4e253a169119441b36e8ff76cb66

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
b285914e274915db52c4fd5b7d349738

SHA1
7165e28c40ead0a8b33516df9d2faed3fef3548c

SHA256
c0e0acce1e31459db0b427a871750a805e4553d5d2ef3f9dcd6f75091efff122

SHA512
66a34d1468801f4eaf5d1fe0fc44c636c5b8a71b3d62a8709eec711263c7150ebc54aa0aaf03eb866b450f70bf42b78ec5675d3567ede3934be934c98b02d094

Download Submit
memory/1620-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1620-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads