e222924ccca541fcd4eb2ae1ff3a1af488d8df580abadb7a4237cd6899096470

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
Size

97KB
MD5

ae748af4e01fdd4d7fd997371883fd1e
SHA1

fe7bbf9b822ee427ecd24a8e609247a3c6635c56
SHA256

e222924ccca541fcd4eb2ae1ff3a1af488d8df580abadb7a4237cd6899096470
SHA512

6b41fe0ccb82b78e4e5cf88cffa17f2488d86c76d18097c0f47397c66338f8084c607ec74b093096d42def484e9551764e804f75583893e66899ab9363ba6a22
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf96T:hfAIuZAIuYSMjoqtMHfhfU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000015d0f-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2856-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\library.js.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae748af4e01fdd4d7fd997371883fd1e_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
97KB

MD5
66ab5b4443fb638630001dfcf6e4905f

SHA1
1391e4ef6fd2f838d7b35d665dff75e4387ea967

SHA256
26781017da7c3920f7fe6d055dfc479a7fbb68062a8d73fd213457cf39fc9c76

SHA512
1403f65dc84e9ab8f2f46712e6d10f5accd39d29295ac3088aced707225900b141a45836d5bf0889a25332ac7479bab7e700ef872ba17c54befaa7b2061caf89

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
acc78dbc67c5918f5754da01ced43f62

SHA1
55e071284b29a44d77a449f67fdee999705f64b8

SHA256
e6af4f8813d4c1eeab5aeb9702f1d1c58eb06d9a145884afa406dbf5021cd370

SHA512
d6ce4e397fbe234bf5dfa3bc9ac1fd016fe6d97fc0b7d25b4ce51a46c909511ccaa1ca0f98686a3660c7d45ea9ad60ce8f50d4d267eed9ed9fe8f894e9ddfb9d

Download Submit
memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2856-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads