Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
20/06/2024, 08:27
Behavioral task
behavioral1
Sample
0457526f3803f35e90cc2f5505afa551_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0457526f3803f35e90cc2f5505afa551_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
0457526f3803f35e90cc2f5505afa551_JaffaCakes118.exe
-
Size
90KB
-
MD5
0457526f3803f35e90cc2f5505afa551
-
SHA1
9004d2bc86ea64e9b173e220dd827c92c8ef2f19
-
SHA256
beb1fd5c2d4d6de0778ab237322989d362c0a55e6fbb39dd3cdee7b238827160
-
SHA512
9f22fc437dfbfe9fcf4824867eeb2bb8bbfdc1e02fd06a860c81c228393ec787ca28a43e68180bf3cc5a085691519a3ac65e84a7d55ff63cb8237fe6002ce62a
-
SSDEEP
1536:Wjl+2lHKITkBXkHpMqaFJJA/MRpVMwXVefh4MKcUakgPF42bsGu:O5HKITkBXkHpErA6zMwXQfh4MKDakg9i
Malware Config
Signatures
-
resource yara_rule
behavioral1/files/0x000a000000016a29-5.dat upx
behavioral1/memory/2216-13-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/2216-3669-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/2216-3673-0x0000000000400000-0x000000000040F000-memory.dmp upx
-
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
939KB
MD5 7d9308d81261fc1191d6508b16f6dcb9
SHA1 d3b01196415c4845239e427adaaa72cab47eaef1
SHA256 8b2568fc13bc15a72505896f05fc1d4bfaa116d6dafefa42e672f2a094345d4e
SHA512 f89b909dd306fed1cda7f4107ceeea4ac84d20786d6df8e30b03f18f90f587bc5c0fb9b6e83ba6f022c78f373792a9ed98fa78e42c5c3374bca117b7dc93e145