Analysis
- max time kernel: 122s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 21/05/2024, 09:26
Static task: static1
Behavioral task: behavioral1
Sample: 62cc4fd890a49a796ce26ddb45bc71f3_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 62cc4fd890a49a796ce26ddb45bc71f3_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
- Target: 62cc4fd890a49a796ce26ddb45bc71f3_JaffaCakes118.exe
- Size: 23KB
- MD5: 62cc4fd890a49a796ce26ddb45bc71f3
- SHA1: 2010fdd95bdc1bc5892e56759b532330d9b470da
- SHA256: 64dc0a0e1d5e117e27c957e3817677a080129ca64850d2c3968b528aa345efd3
- SHA512: 43303ce138b7e001735a17fc717165a0bdaf4da398d41e86e2725d6c7b4f01c3d5a4e77ad748f97f2e76b7a86002176ddefcd5747ba383ee8589a7a3db6799cb
- SSDEEP: 384:8jyvTpGA7Kjbd7qLKN0CISzQacUJXUk/yZXbHSoaZ0hpEU2QXe:8jWydZNHVzXk6Z0nE6e
Malware Config
Signatures
-
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Downloads
- Filesize: 954KB
- MD5: 0e35b293a35e78965394d6aaad2c136c
- SHA1: 257d0c60d349b1cceb57e0089d63a123beb9d3af
- SHA256: d0ce8cb39819d5f36e90b3909e8643c4518184d4ad3cbb632513ed3b4134acbf
- SHA512: 8092f4167977690934c85b9754b426cf2c6ba5c878c6b0e063916c11606928d1267b92462c1e91eaab293110648ff2f412f8578564f5b0bd3e4ad119a6675acd