2c51dd8c892d7852051f8cff6bb4cea70117b2b32aeb3ecd297ff2626065e0c7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
Size

69KB
MD5

c011639e6a15fe27d114b552977cfc07
SHA1

d28f33953e6ae7294163d2908e0b828810d261a7
SHA256

2c51dd8c892d7852051f8cff6bb4cea70117b2b32aeb3ecd297ff2626065e0c7
SHA512

904034e6c609022cc1e451b023aa62288f93ebe60d6f6357c1f4e231e682d50a4ce609f09e34ed6ff984fe92ca3930cfe57e30052e8b739bc245d1737002ab16
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhu:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3652) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\settings.js.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c011639e6a15fe27d114b552977cfc07_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
70KB

MD5
fc57873f08034906cc76f71674dffac4

SHA1
4e8f5a4bc0ba2b9d37a3d607362b02ffeda4cc8d

SHA256
c7ce523b7e136bb41eac03febd3fe8eb4562b07cfd7da3c900283ca2ddf6192a

SHA512
d27c42631107f95f2a5042067fc98b87d4f684d97ca155c9e87a1786abd3d09e16be835a02885e2c8c151baefe032c5d98aca58a7c8960c31bd1d92c00aa9ef7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
07476dd2305ce6ef2ac1d64c56cc4c77

SHA1
e4b08bb350068c9f649aa636548bf6e9024bf919

SHA256
1dc985734233f0246510d72d7feadcb9783981c2f94f97b7f77433378f734ddd

SHA512
e2bb57bc2270e028e4747dcc070cb567583acaf8ff7324b2a6f17fc2bb5f021bc09f5d1f49aca6a94d9b6478378f7767a18b0cd70e95f43a98e5465a3cbfbfa4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads