Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 24-06-2024 08:29
Behavioral task: behavioral1
Sample: 0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: 0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
Size: 88KB
MD5: 0774c1a65a207eb2dcfd6f69f475dd6f
SHA1: c808d6a3002ded2aecea7c06ec1b0fcacfcb541a
SHA256: b17e90dbc92e95f56d53449756cee03dd644a21ddf7d061ae96de15ef277a666
SHA512: faafd3e44d3e7c9e6fe1eae6961f41ab07df402712b239627dc7f7892ca8ccaf5176889d2d6e5f10b3bc9cb4256a6eb4feb15799671c1863f600bc12d9148f8e
SSDEEP: 1536:Wjl+2lHKITkBXkHbo/8kbrcJj6XWLAVufIC+wuQ944zU0tTpGybe/n93CZ:O5HKITkBXkHbo/8kbgj6XWLAVugwuQ9X
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/1752-0-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/files/0x00350000000141aa-6.dat | upx
behavioral1/memory/1752-3661-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/memory/1752-3665-0x0000000000400000-0x000000000040F000-memory.dmp | upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Downloads
Filesize: 1019KB
MD5: c18762a01a985badfb4a737e90293f85
SHA1: 6a41322b5bca7902164f2207502563aed3b0fe1a
SHA256: 6a7bf95be9d3da560ac2d78df0779f09ccf9e454d7f386a1b6531117a5249dd7
SHA512: 38bd88eba5b9f2073db1c4264be8ef2214ba9468d07b6eb565c1e7f5850c14326d405492da65516499351087e3a7dcb6ca88358bbe22bee520fb02ff158432c9