ba1cc06a5648ed525b2a32070551ec30a98a2ff728740f96175be56b05f38156

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
Size

78KB
MD5

42f77d5c3d0256584a1f0da8389b63db
SHA1

604bd4e21741bf760a9aec0e8a8384fda57e76da
SHA256

ba1cc06a5648ed525b2a32070551ec30a98a2ff728740f96175be56b05f38156
SHA512

af30043845c1d84f412eb4064277f360707b1f0c6a3ef3fb267f41fb3d1fe7edd07f0f902d9b6d7db84f95aee8f37ae840e9fae963a78a76884133804d42f211
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg99gwVHyVnSQTQbzjrY/+TQbzjrY/Rc3Sox/6Sox/qv:W7ZhA7pApH1IwVHykEElEa0NQn0NQN6t

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3551) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
79KB

MD5
63d5c54686b127692eecf58d0385d920

SHA1
0e261387518e0f89602d58f961799a5ef78f2b0e

SHA256
d03815ff24fe8c7e0c193fbc41df0a8e0c6225f8fd1bd05191364484928ace18

SHA512
7eecc8ad7062abb36d4762cc32ce08dcef9dd426427a9bea12c3dfb418085293df791e71a90496a4c3d72659d1708b62e9d704ef7746a9aeb9ce359b1a8c5115

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
437bf6a5a29e5aa87014c230a5ae0dd1

SHA1
6148a6d4a7cd69d0ee63f13c2c61e197b69a2659

SHA256
fce2c9bc3d4eaeef7c39e0ed1e68b36e970961f1c03d129abe4dd671e828c1e8

SHA512
7542f7701e03f5878b3bb6d23774b9111e6243375be38cca9c62fd9a43c2d623a12df4b3ffef65436a9f271bd380d2c75ae67293d7789e61d18a0a38719d5b89

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads