Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
20/06/2024, 08:27
Behavioral task
behavioral1
Sample
0457526f3803f35e90cc2f5505afa551_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0457526f3803f35e90cc2f5505afa551_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
0457526f3803f35e90cc2f5505afa551_JaffaCakes118.exe
-
Size
90KB
-
MD5
0457526f3803f35e90cc2f5505afa551
-
SHA1
9004d2bc86ea64e9b173e220dd827c92c8ef2f19
-
SHA256
beb1fd5c2d4d6de0778ab237322989d362c0a55e6fbb39dd3cdee7b238827160
-
SHA512
9f22fc437dfbfe9fcf4824867eeb2bb8bbfdc1e02fd06a860c81c228393ec787ca28a43e68180bf3cc5a085691519a3ac65e84a7d55ff63cb8237fe6002ce62a
-
SSDEEP
1536:Wjl+2lHKITkBXkHpMqaFJJA/MRpVMwXVefh4MKcUakgPF42bsGu:O5HKITkBXkHpErA6zMwXQfh4MKDakg9i
Malware Config
Signatures
-
resource yara_rule
behavioral2/memory/2564-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/files/0x0002000000022a9f-4.dat upx
behavioral2/memory/2564-4272-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/memory/2564-4273-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/memory/2564-4274-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral2/memory/2564-4279-0x0000000000400000-0x000000000040F000-memory.dmp upx
-
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
635KB
MD5
3cfb4d195cf0a9dca905de53c756de03
SHA1
3771639e2320e6e6677f10cdda3a1d5b801047d1
SHA256
796e1b6806bd2013d7d08687051c7d67bbd6da74f38ffeb1156a6dfaa30c4ea4
SHA512
857c8fec842fc7734b59c3a3e478267d2c1142f50fa0756c08983b85ad9ea187e50b7349738e036d8e5e10a323876055981e279ca50c78783d406649f44fba10