ba1cc06a5648ed525b2a32070551ec30a98a2ff728740f96175be56b05f38156

Analysis

max time kernel
149s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
Size

78KB
MD5

42f77d5c3d0256584a1f0da8389b63db
SHA1

604bd4e21741bf760a9aec0e8a8384fda57e76da
SHA256

ba1cc06a5648ed525b2a32070551ec30a98a2ff728740f96175be56b05f38156
SHA512

af30043845c1d84f412eb4064277f360707b1f0c6a3ef3fb267f41fb3d1fe7edd07f0f902d9b6d7db84f95aee8f37ae840e9fae963a78a76884133804d42f211
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg99gwVHyVnSQTQbzjrY/+TQbzjrY/Rc3Sox/6Sox/qv:W7ZhA7pApH1IwVHykEElEa0NQn0NQN6t

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4846) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42f77d5c3d0256584a1f0da8389b63db_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:3768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-877519540-908060166-1852957295-1000\desktop.ini.tmp

Filesize
79KB

MD5
7cdd6136315cd6470676095e6b2c4caa

SHA1
f315b20e0c9fd6878b1dd9b2383c6c41a3678d4a

SHA256
59945fe85ee5bf14f442f447ef5d9fc518440595f7e9456ba836fd4730120ad7

SHA512
c1ddc53136af1173028fb705948adb18a8283b0eda10baf607ae752001c3635d80e3f0102dae1ee4fd12b5ead08da984b2bdbe18ef880cc185a6a4e31a0cc7e0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
fea7cfa951122df7e72c70d0d85b5fd9

SHA1
00d600fdc7c7bd1d41ffde5466064bf6747207ad

SHA256
d2bb99840dacf5f5d35d98d4a3d85dc0d7ef3451cc83827e4a179f536141f379

SHA512
52c2762859ae04369f31dcb533b44b1024db330c20eeb7d2b863003d7bc9a9cd02780c22f80472f00d4e502ed8ecbfea9fe7957a301fdf50c4827a7c88df864b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads