9435e97fdb98202ec167e6e86a67b9694820c8285235bd179b91f86a5e7b6756

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
Size

347KB
MD5

6fa0549a0e34ed8028936bb069a39d07
SHA1

96af6ce3d96f899c524c208e5b3949542bb7b6f7
SHA256

9435e97fdb98202ec167e6e86a67b9694820c8285235bd179b91f86a5e7b6756
SHA512

54cb12711e14b5de7f93567a6b154b0267a3e5c510c73a48d0eb963d26766eea65d0a70ae0e2eaf95a989771aab6f8987298ad164b3dcdd8574510c956380464
SSDEEP

6144:JiQSo1EZGtKgZGtK/CAIuZAIupQSo1EZGtKgZGtK/CAIuZAIu8:AQtyZGtKgZGtK/CAIuZAIupQtyZGtKgB

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4115) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4180-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000e000000023b99-2.dat	upx
behavioral2/files/0x0008000000022972-6.dat	upx
behavioral2/memory/4180-1286-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6fa0549a0e34ed8028936bb069a39d07_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
347KB

MD5
ed5c1bafc20933cf6bf84630ab0b68aa

SHA1
f60eca962b3bc9d7ae955483ac10fa2bbdcb7ff1

SHA256
f984024ad293f543cb6ca0f7e46888a5c40505670ab809a930d133660ada54a4

SHA512
9bdceae94bcac65554c0d52e0d8a810843c5ded03a3aa614db541958cf72b3c56cb7d440ee8dbc8f8ff7ad176f3c4736e214674ba29dd79d754ef8b99314cc6d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
446KB

MD5
4f37aa3931105fd544b413310946ddf6

SHA1
c9c90d44d0b68a201ee89725525c8204119ffdc4

SHA256
9f055bbfd50c6f001df3c191a43c200770095f128b16d1f2070cf6dd311e7110

SHA512
cde41f8b4695d99c96dc88c3ad6d00496173e93bb664aeb3d9aba4b955d2cb0c760acf5f01dbd121c7aa3ed0350ea43e3ad44b0ee3c7d6e7feac346a428a6123

Download Submit
memory/4180-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4180-1286-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads