c4661fef63480c490bbd62c2be7c0d573bc16b0239bbce79f1b276d2a905d048

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
Size

68KB
MD5

01f4cd835facc78233f9dc673ffaebfb
SHA1

8554a1e0188aba801d5e73c4e5108dc0139e9e0e
SHA256

c4661fef63480c490bbd62c2be7c0d573bc16b0239bbce79f1b276d2a905d048
SHA512

9ac21e2aa3cf469c7b9dd6590755b7804c31c384623a0bee2a74ef5451781d6dc03bd6e6c3e7b766de31739f36b9e36a4845678a1691244a97fb9389bf7d7895
SSDEEP

1536:Wjl+2lHKITkBXkHBz9XWNao3EiSUDfyN5N/8HP6Q:O5HKITkBXkHBh3o31vT6h8v6Q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/files/0x000d00000001227e-6.dat	upx
behavioral1/memory/2232-963-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2232-2652-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2232-3667-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2232-3668-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2232-3669-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2232-3670-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2232-3674-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ipconfig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicpl.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\scrnsave.scr-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wextract.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ocsetup.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\runas.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\userinit.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SearchProtocolHost.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\syskey.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\help.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MigAutoPlay.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\MigSetup.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wevtutil.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmdl32.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wuapp.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\gpresult.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\subst.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tasklist.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\write.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskcopy.com	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icacls.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\IMEPADSV.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\raserver.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\write.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\chcp.com-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\MigRegDB.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexpress.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PING.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\runonce.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dxdiag.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\explorer.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\grpconv.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mtstocom.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setupugc.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\choice.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\convert.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fsutil.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\instnm.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\find.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\reg.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cipher.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\clip.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesRemote.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WMIADAP.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wermgr.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\doskey.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dvdupgrd.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\forfiles.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Windows Mail\wabmig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Journal.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_6.1.7601.17514_none_843a86a1bc33fcd1\bfsvc.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\print.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_6.1.7601.17514_none_ff178cca7f9d03eb\BdeHdCfg.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmpconfig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_cf5f9aad50446c26\powershell.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_44b0c76c35d4b76d\wabmig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.1.7600.16385_none_ed2d0ae971b57e8d\Netplwiz.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-regini_31bf3856ad364e35_6.1.7600.16385_none_0c2c92921b2478ef\regini.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7601.17514_none_144b6bd462e4a41b\vbc.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_c3afa97fae99bbe4\diskraid.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winhlp32.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-xcopy_31bf3856ad364e35_6.1.7600.16385_none_beea9c500dfd4622\xcopy.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.1.7600.16385_none_09320e5ae212b9d9\powercfg.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.1.7600.16385_none_e3aea9874278550c\cofire.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.1.7601.17514_none_7b380cb06fd9d81d\SBEServer.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_7288349cbfd37b08\taskmgr.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_6ff39cfbb8057a05\cliconfg.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_6.1.7600.16385_none_e63ed98817cf16b1\Eap3Host.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.16428_none_a56da9e617d4f97e\ieetwcollector.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_ff1b74d24817a82b\RMActivate.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\SvcIni.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\icsunattend.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_2461659e78807255\aspnet_regsql.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-verclsid_31bf3856ad364e35_6.1.7600.16385_none_bbbd275974c7e191\verclsid.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.1.7601.17514_none_0228c5fb7b680376\SMConfigInstaller.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\ehome\mcGlidHost.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiag.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-client_31bf3856ad364e35_6.1.7600.16385_none_c80d81c947c7b794\HelpPane.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\windeploy.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.1.7601.17514_none_08e183f8dd5f48b7\smi2smir.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-tapicore_31bf3856ad364e35_6.1.7600.16385_none_4a83748394a862f9\dialer.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_a907fb2af12e5dc6\PING.EXE-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_6.1.7600.16385_none_63df9c242588e5fc\rekeywiz.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\PkgMgr.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_ed4e6c0f14dce27e\aspnet_compiler.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..line-user-interface_31bf3856ad364e35_6.1.7600.16385_none_dcbdc8e83e2b98be\cmdkey.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-networkprojection_31bf3856ad364e35_6.1.7600.16385_none_3fbc74d90a6e33f8\NetProj.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_installutil_b03f5f7f11d50a3a_6.1.7601.17514_none_4fd3f543ddc446fa\InstallUtil.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-credwiz_31bf3856ad364e35_6.1.7600.16385_none_9fb106cecd28b3f9\credwiz.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_23079f05995ee912\SetIEInstalledDate.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_2b1523604c99c736\sfc.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_11.2.9600.16428_none_eace14b8d6178cca\SetIEInstalledDate.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\reset.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17514_none_ed7ce39bb395c4e0\DataSvcUtil.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_ddef5417d55eb944\aspnet_regbrowsers.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_f47d7472a4c4e67e\mscorsvw.exe-	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
File created	C:\Windows\fveupdate.exe	01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
1000KB

MD5
367926529deb9c3064d8ba0b4fdd00b2

SHA1
6d4f1b3f14914c3a05bc39585074d85c051cbfc2

SHA256
0771af2a68005291292eb4ae92905e9fcef36f6177c73770c0fb154b0062dc69

SHA512
54ef46c59502e9a8ccd3c83a819268516702e01650dc50ce07c56c09f3b2ffa874481b794bf531c99c1c73e7cb4f2256e8395a5b4933d078bb4592a5f182cc53

Download Submit
memory/2232-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-963-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-2652-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-3667-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-3668-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-3669-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-3670-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-3674-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download