6860d6ff5accc8abecee52d2ae0b9d51a256ba7dfe17e75f58827ffcb90e1a3f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 04:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
Size

308KB
MD5

acdef7773653e5191f6f1872f0095fbc
SHA1

6388aaeac6da789369d5ca0849a988dd91b538c3
SHA256

6860d6ff5accc8abecee52d2ae0b9d51a256ba7dfe17e75f58827ffcb90e1a3f
SHA512

d4de1f766d38d74fb5bba03d350bc7924b18b15fe4432847568cf0be9453bb6434c9bd31a37aa6c5f3a931facd0ccab01305b1091246f0fec0a3d35e8d9440b7
SSDEEP

6144:wNmft7iTn88Wme+pQ0P3WBYUGiIl1DDWX2O/aLWJSYCG+:lryF6F/aLM

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\ImportGrant.aiff	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\IEShims.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\es-ES\wab32res.dll.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msador15.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\el.txt	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaremr.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\be.txt	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\EditMerge.eps	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mn.txt	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File created	\??\c:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll	acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4176	4828	WerFault.exe	81

C:\Users\Admin\AppData\Local\Temp\acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\acdef7773653e5191f6f1872f0095fbc_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 1016
  2⤵
  - Program crash
  PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4828 -ip 4828
1⤵
PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
2.1MB

MD5
39a8c9ff2a7bc8581e2b09f8c64d64e6

SHA1
fdc1ccc9a8816995bf9ad536257079fa7bd33ffe

SHA256
f60d50b643cb08a7cda3fcdbfc09d25024bc32c3263757a2182a6a07a817f58a

SHA512
e775cf2cef9956de8882f99825e5bcdecfa0119d144bfaa31f51e6f56e31939f3990b4c6784e9e602fdd3b832ddc2046a36512fb07c6d5a2b14ac66b870dd3be

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4828-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4828-2204-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads