Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 20/06/2024, 02:12
Behavioral task: behavioral1
Sample: 01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 01f4cd835facc78233f9dc673ffaebfb_JaffaCakes118.exe
Size: 68KB
MD5: 01f4cd835facc78233f9dc673ffaebfb
SHA1: 8554a1e0188aba801d5e73c4e5108dc0139e9e0e
SHA256: c4661fef63480c490bbd62c2be7c0d573bc16b0239bbce79f1b276d2a905d048
SHA512: 9ac21e2aa3cf469c7b9dd6590755b7804c31c384623a0bee2a74ef5451781d6dc03bd6e6c3e7b766de31739f36b9e36a4845678a1691244a97fb9389bf7d7895
SSDEEP: 1536:Wjl+2lHKITkBXkHBz9XWNao3EiSUDfyN5N/8HP6Q:O5HKITkBXkHBh3o31vT6h8v6Q
Malware Config
Signatures
resource yara_rule
behavioral2/memory/4560-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/files/0x000a00000002328e-5.dat upx
behavioral2/memory/4560-3084-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/memory/4560-4278-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/memory/4560-4279-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/memory/4560-4284-0x0000000000400000-0x000000000040F000-memory.dmp upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 613KB
MD5: 0bbe37f8c13984ba7659517f4f64b3fd
SHA1: 8e386f48a812981632e3b67be3443e0cc9d0a0ec
SHA256: 719f235ab348b33583e1ce5e5880d497e711f9d5472c316a566b8986559efe64
SHA512: 8a5229800403236b5af12bf01c6e883e725f8313bb9d099578ef71caa3f623a55ae01e35e87b41497497d6bd39072d2e8b59096b2b587fce6b9955c3b2a5ba12