Analysis Overview
SHA256
221e4fda313b2696d3c14325b581fa777c76be95567975999f6b554764b061af
Threat Level: Shows suspicious behavior
The file a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:24
Reported
2024-06-13 02:27
Platform
win7-20240508-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Runonce = "C:\\Windows\\system32\\runouce.exe" | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\runouce.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\runouce.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre7\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\readme.eml | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\readme.eml | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\readme.eml | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Stationery\1033\readme.eml | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\readme.eml | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\readme.eml | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\MoveEdit.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Stationery\1033\PINELUMB.HTM | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html | C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | btamail.net.cn | udp |
| US | 8.8.8.8:53 | btamail.net.cn | udp |
| US | 8.8.8.8:53 | btamail.net.cn | udp |
| US | 8.8.8.8:53 | btamail.net.cn | udp |
| US | 8.8.8.8:53 | btamail.net.cn | udp |
Files
memory/1692-0-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1200-3-0x0000000002140000-0x0000000002141000-memory.dmp
memory/1200-2-0x0000000002140000-0x0000000002141000-memory.dmp
memory/2168-4-0x0000000000400000-0x000000000046F000-memory.dmp
memory/2168-5-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Windows\SysWOW64\runouce.exe
| MD5 | b8847f1431d7d3b9d7303b1a93947257 |
| SHA1 | 8904d8580083245dbb0e55a759628bd5c494692e |
| SHA256 | 4201e1e7da3e662cd431bdb9305ff606790457de1ced0733a00ef71570acd4ec |
| SHA512 | b7692e9276a8ee5668b5ef5c9798550f4ff09d9bdb2732642ba7047a4e172fc4bc6dad58f7bb730e1c84ee8d6c678d6e3999ccc600cf7db19bf414dfc44e7f85 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
| MD5 | 3f1c688d6332bced3b24d5ed1d929fe0 |
| SHA1 | 9dc6cfd1c1c883b89a9b7a484ced450951511e49 |
| SHA256 | c8ad4a2a34f890e06b0edf3345a125e7d573c0b4f1cfed05620c2ba08622820a |
| SHA512 | da7f03c777b27f7455ed3871f889c639a12475ab95557ca43d97640646f6b5c73e86d80904a0417db9dcad5a5982dc6c1648abbf61298747c24df9fc70cc0938 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
| MD5 | 8156706568e77846b7bfbcc091c6ffeb |
| SHA1 | 792aa0db64f517520ee8f745bee71152532fe4d2 |
| SHA256 | 5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8 |
| SHA512 | 8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
| MD5 | 7757fe48a0974cb625e89012c92cc995 |
| SHA1 | e4684021f14053c3f9526070dc687ff125251162 |
| SHA256 | c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03 |
| SHA512 | b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526 |
memory/1692-658-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1692-853-0x00000000004E0000-0x000000000054F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
| MD5 | 8998886429195c3e00c97d7e61c5a5bc |
| SHA1 | cd3367a165a0b34bba53ba5193fd8d06294f76a8 |
| SHA256 | 97ac8c02c7501bddcbcf6d5958f18d98c0fba2c96d328a9f0ffb7c2a1efb4172 |
| SHA512 | 6e76ac31b6d5c4152c3a0ee9b82dc2f13e1a1d6c01201072108932eb8e6c45ea65a8b86a9ae531f33066bd1f982488f1cbef25bf438951b6c536f86924332773 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | c7a7a8389c8d1cdc20f178e4f0bed327 |
| SHA1 | 747411ccd42b7e5e1a8abcf1253c74e8421d2105 |
| SHA256 | 4e4d84ef49c8ffeac9841c47140e7a3e2c44b35ca8566ad60abb649c33be57cd |
| SHA512 | 04907d3e65299828c78dae51550cd2538bcd791e033c0305e79935d59f9ecd59012effafb01303060b1f05459c533b6046c4b7cbbfac06017804ac0948166115 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | bebc052afd935a56d6f1c622e93c49d0 |
| SHA1 | acb6280d2f525772d5facab81c74e79bb6910405 |
| SHA256 | 0339dbecd5a7253adcfccc7130a32cbef17e5377b9adc492c9d96e5f0b16b5d4 |
| SHA512 | bf72cc896486b87bcd9f657a48df2198dd292a596ee83346d2dd78befa098394faf67e93944fd0653bea6b7003090025498f4cc20f020542996c59a34484884c |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 81cb6f6bd84ff2236f3f39760ff4bbb4 |
| SHA1 | bd2a05c0f6979be6967242b00beda12b1d6f0fd7 |
| SHA256 | ad63cdd8aab10e7868abae54ee217a8527e67f072b9e9310a306be5bf7ef55a1 |
| SHA512 | f835a3598852f727d403f2232367705d0f7792f165013b7f64e12c5b339329a1b4c3668a7e2614e6504af2b2a45fb388c4eb00a8dd7fb0541e2ccbe0e564ee3a |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | e834d89d43e2d335f34193c341ae290f |
| SHA1 | 9982e1455e99eeb0f8a0c38f191cbc5eedad7295 |
| SHA256 | e46a0ffacd8ee9382345b6c070b721d750bbb3ae83fafd308763bfc176a16a8a |
| SHA512 | 43938250df8108f4248ce4e3ba0690800f8488203e62acf4546b67840ca2f20136405d251097fa3fd3a55b0cd6c41ee0ede3ca0c0c826a0c9e5a92f0a44b9b6e |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 1255896fb2b8a478bb1ed97ee238ec2d |
| SHA1 | f3edad2eaa55dce752a9a980b22eff99686e56ba |
| SHA256 | b45406575a6554e5e0dd810b592488c34194aacc9e929cdcc90fde1566ed6f3f |
| SHA512 | 8bfe1f1d2b2fef7d0f7298fc07f6b6a18983e3d62f40f540bcf7fd1bd03e405ab61fe1b3225a929283211ef6e246cf89cf38089d4cec0cadb4e8f13825afd3e8 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | 25c1dfa6742d0977ba53db848adeed89 |
| SHA1 | 4846cdfbe6f6b3f82dce4905721cc65f1220e312 |
| SHA256 | 2ea3fca7176d7afb7cfee9f6d112849d89fa44ef5ac3db4f5d2e2e1e13a9e1b7 |
| SHA512 | db3833b0e01901c0e790664ea23e2a4b687af8fbe7b4165c591474815067ca3357a1719a60b25f4a9621aad8c6f9f1bf795779faa3285cc60d7bcd3e0f1c41bc |
C:\vcredist2010_x86.log.html
| MD5 | 1cc0fe68c2303e5fd2246df69bdc5e22 |
| SHA1 | 712ff37ac4074a6883fdefd69f84a88195ace920 |
| SHA256 | 10b4f3c83e4abddd16cda48b6d76e6a9dedbaa101e66aab529c0d5a0b65c2510 |
| SHA512 | 6def6582e7ab36a85a4b62ca2a9150d105d94e547d8bd0c7b0ed790172d227149abf3c6b79ee96df1e0ef0f4b7c995c99c8a55dbf8def265b4a2ccee0559065f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:24
Reported
2024-06-13 02:27
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a38676a506f418d7046a8c4fcca8e75e_JaffaCakes118.exe"
Network
Files
memory/1244-0-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1244-1-0x0000000000400000-0x000000000046F000-memory.dmp