29ff448edf644192eeb8e56a68b463cd11eadb3dadff46a080a71229c8fb8322

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 20:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
Size

101KB
MD5

cdd076f050d316361e8cb9614f9f588a
SHA1

23f2af4857fb676cf0a459805992c69a2de75769
SHA256

29ff448edf644192eeb8e56a68b463cd11eadb3dadff46a080a71229c8fb8322
SHA512

73271ada0199318bd3b6ef8d5166fd79bfc79e9f03c3e972e9e1db865f9d055ba713a5d7f607e8a04888f486b7f1640efdd214b1def9c145c62d80c449a34379
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEJRTug:tFPxPke+eI/ug

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\TraceMeasure.wmf.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui.tmp	cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cdd076f050d316361e8cb9614f9f588a_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
101KB

MD5
81bb2fb044749b762aae2d97fe3a7e9b

SHA1
8ffa3b47a33eeed7edc82ea8ca919e69c712ce62

SHA256
0af3ecbf1c58aa87d1a38ba10c092207d48cce628ae8a24fbd497aba2f447d81

SHA512
c80583c9ec8fe7784529d4abc7dc9cdb0755a2ce5d1acc2a47408c9d705524fc6a396307e598cc55ba27eb94fa59227e6208bca4b7d9b30fb515484e9dcb434a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
d0c1da118b5eede097650c030503b8a1

SHA1
b5a9e2f67e27ef246bafeb1fe6c1247990e929cd

SHA256
579d47cf70e5d597dcb434017bffa5fe332ba76f740112159cb321d22a9f8717

SHA512
c76d5896dd14002fa7867ba921554903bfde452e5e9b88267765893c0f2ef50450aac20d113d459d96b7208f6b959be84bcf6ff1cf5feb73390e26e22c6c0a63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads