082f3fc881c3502a73649fb9b23c8eb24e691ede6595a5b3fa84fc1ed12c9150

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
Size

145KB
MD5

b71981b070614c5adc7a898f3b31d72b
SHA1

aba85ca2c44073cd078313d2f73ba735c42c61bb
SHA256

082f3fc881c3502a73649fb9b23c8eb24e691ede6595a5b3fa84fc1ed12c9150
SHA512

06cfa1bd7cb37067a3cbbb7b9452d929edb3e5a4cac9be4eb6d376b3fbfa9cbbdc17d69759df3b92f4800ad45063c2a66a699ae46b0b209a2c4585766bae9d32
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhflixi4wewB:JmCAIuZAIuDMVtM/WwewB

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4848) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1168-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023288-2.dat	upx
behavioral2/files/0x0007000000022959-6.dat	upx
behavioral2/memory/1168-1738-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\InvokeConvertTo.wps.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Overlapped.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\LockSubmit.rm.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp	b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b71981b070614c5adc7a898f3b31d72b_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
145KB

MD5
2a04dd0a8602b36548cfcdaa1ca5e21c

SHA1
360fcee15c8b0ab9ca62e9122bbbac4bccb14908

SHA256
e06a8986aaf51da013e918abd9ba3264b46008815de5d41ec20620e57b15b029

SHA512
dd6e3585173157946ddb462175481ce10c5390d294f7602d585cd54d3467f93c5a4245f304d43d9dcddaa718c4b5be0a1f7dcd4c40c7714467dac89db5ab8f79

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
244KB

MD5
4ff32b4bc9680ab565119d959aec7c3c

SHA1
8827a7c741fed955f8962ef43407a8b4dab720eb

SHA256
73e78f506e967042341f382af03d15b03d0a71680a92ffbb7ed5e26349a8fd5e

SHA512
cfd12c265b261d2f95bf9930ad317785dbf9a53581623d43a4fc99d6641599254dfd47c9693325e6f52374ac6a1ffc9ec5c73282dd21b059b997485a73bb0df7

Download Submit
memory/1168-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1168-1738-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads