beede0aab03a315b2f5be04d41186dab5e85926b72937b900067529151d9ca9f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
Size

78KB
MD5

5f4a0c27ea898089b05bb21d3e775bc1
SHA1

6e8df39ae7986deb44e878383ea4f4d3df3bbc84
SHA256

beede0aab03a315b2f5be04d41186dab5e85926b72937b900067529151d9ca9f
SHA512

79e4b1304004ddf9958071a9b2ef0e3031fce07babd1dbe297ea2d0c4ee8b4b5eb9eceebf638a672da91c62e91c848d9a2cb7cdaaa892419a8fece84980c6a48
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/aJaKJaHQL:6e7WpMaxeb0CYJ97lEYNR73e+eKZO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5f4a0c27ea898089b05bb21d3e775bc1_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
78KB

MD5
e9b931229adc3efffb1343b981ac1516

SHA1
92c613842e63c5dc1ce2905eb8f06c611a92c352

SHA256
33e450466ea3a447fcf6e3f328852eb2106f94884d74b9bd9a6065f27150688b

SHA512
f5cddc2949eab8fe73c8e8ede8ee4f43937d8636f364cc7f8ca529cdc142368ad726f8914a15ddff3251ffdb19c86c31ba235f62670be703f5fd92fcfaafb0f2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
a655b61ac36e2456d3b1341c7222ffe1

SHA1
60131ca484d8d7aa7db87c4a83df5e4a898a48d1

SHA256
03275772114fe577cd4d63a4b0ede8884fec53e63a88774855f496863af0a2b6

SHA512
12f48bfe463e35d2fa7e708cc83cf1fb2c64ea1a1e5a090ec777bfdd4b05b732a9c7aa5eec5f22046e0621a854afedccb311692c70109f4bd1b2db94f2efb108

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads