8a365fa959369919af757b979ce20fa868b939d7d784101c4432b524f07a0363

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 19:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
Size

85KB
MD5

8472b271cb10bb7cf7514049b898d9c3
SHA1

cfee246a5dea2bc34f61b54e04ccf835a075f0d8
SHA256

8a365fa959369919af757b979ce20fa868b939d7d784101c4432b524f07a0363
SHA512

9ce9988f854995091be78bfa71773e9874e5d14137a2823135ecc3e3301238ebe93054c05e10c9c624127bf6b1fb7500b4d19f20ea8e1025086787fe19f64ada
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q4xFrphgi1k:+nyiQSo+hgf

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3388-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000c000000023b4e-2.dat	upx
behavioral2/files/0x0007000000022971-6.dat	upx
behavioral2/memory/3388-1646-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ms.pak.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8472b271cb10bb7cf7514049b898d9c3_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:3388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
86KB

MD5
a79b5ebbf1250e598e8540a375463753

SHA1
bb0d7789b320de29869975504471890831fe2665

SHA256
7aef03f2837ad2ab1812fcd3d29c93513eec6583454819e9afeedb7616368e7f

SHA512
137784975d3c4d9ff1407d76778abefface046190e6af902457441acd20dfd3eb0a8a447c8d02ac8b4bad4515224a892046b7e6c09fa64148610467b8f4633cb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
1e86bc21facf068335e5a70a2a913403

SHA1
10c6a90646ef10685c475284bff5173cee57ae9a

SHA256
8286fcf3ed920ad385234d1b5e536876d3f220db7d1d74cf5f07dabc5caaf002

SHA512
5d2c2d085b161dfeebacb1ddc30fd69c79db6cb12750bc39783fdbcfcc046d52e380ef40a688daac25b0c3a41775a6dc3fdc74017f7787fc9c8ef196e9761119

Download Submit
memory/3388-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3388-1646-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads