9a6396ee3d4b10628a3a475b77d005490953e9771d0d8fb1885e50cfa6f29fb3

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
Size

152KB
MD5

7b5faa041995f0a68b7f6b40279d78f4
SHA1

4782e4b4504ab3b2d9787842f97e0268d038a5f9
SHA256

9a6396ee3d4b10628a3a475b77d005490953e9771d0d8fb1885e50cfa6f29fb3
SHA512

f60a87b52e7ddcb8f472c2c6559b1d08f91069e92af4293256f959e5ce42746397bda4dd56020426fc852e4e7a07dfbc7fde23fb7fd5ee16123aea96974d1711
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtdH:KQSo1EZGtKgZGtK/CAIuZAIu3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4725) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1156-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000e000000023b74-2.dat	upx
behavioral2/files/0x0008000000022972-6.dat	upx
behavioral2/memory/1156-790-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sw.pak.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\AssertBlock.ADTS.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\da.pak.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\bn.pak.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\mr.pak.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoDev.png.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7b5faa041995f0a68b7f6b40279d78f4_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
152KB

MD5
29baaca7665492f87419c0a220731ce3

SHA1
87a4cf4f77ed12c1b3f66f4610b41ccadfc9d9fc

SHA256
7f59bebf9a432886d1023b5159ae21cdc632ec32e4aa8f9283736687081b2ae3

SHA512
d38618dea86f88d737591cdc6de9aca03541a0489c244bdaf12ef041b4feaca0cd90f45698c6450cd6c930958493e22290598d78502128a7db85e89e04d1bf4a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
251KB

MD5
44b3dd800a1263ecbda252acc869c15b

SHA1
9e59adb07893a69de5bd03353e3e8fa9d28a7f53

SHA256
7f54d595fac1ca3c06a1be12fd3f3bb9bbedf9fa16af8f7280955bbcb39e5448

SHA512
c6301ca1616999f7f62d3285a8d5a895e08f9f3e6645f06a7736de60863e2c3932051d1b2ae4ce476ca211052a424e01e8fca9c501bba57e5532c4b18e57b29a

Download Submit
memory/1156-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1156-790-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads