9a6396ee3d4b10628a3a475b77d005490953e9771d0d8fb1885e50cfa6f29fb3

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
Size

152KB
MD5

7b5faa041995f0a68b7f6b40279d78f4
SHA1

4782e4b4504ab3b2d9787842f97e0268d038a5f9
SHA256

9a6396ee3d4b10628a3a475b77d005490953e9771d0d8fb1885e50cfa6f29fb3
SHA512

f60a87b52e7ddcb8f472c2c6559b1d08f91069e92af4293256f959e5ce42746397bda4dd56020426fc852e4e7a07dfbc7fde23fb7fd5ee16123aea96974d1711
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtdH:KQSo1EZGtKgZGtK/CAIuZAIu3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3303) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2884-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00090000000149f5-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2884-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
152KB

MD5
df33c81e85c6cf7a336b5f84bafbd271

SHA1
1e320d9b718693c23ac82c1eaadc94cfc8f916d5

SHA256
7f61262d0961fc982654e53d65b26891344ddc1cc87805ab34a0b40f868f36da

SHA512
6a06e51e860595f3273c1226afb1aa465ad758456635bd455a0e61efaf773c536be3b7c76cb1388a172d7802a493e85bd548b98784413778f799ddc3f90c4947

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
161KB

MD5
c2233382821b63721364fdc90f780196

SHA1
17b2474d12815aa27135bbaaf5c90b23b9b9cb15

SHA256
0c89485034e1cbdfa76af17f0123166fb579b5b77f22bc6fab0a929f12556217

SHA512
e5ec1f238539c67805d2e41ca2c5e30168e54723b97b64ba22542a384c47ba55f3a3919c55098bc1fc160549e894abcaea6e0bb8200a0b43922ea242680b89a6

Download Submit
memory/2884-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2884-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads