b17e90dbc92e95f56d53449756cee03dd644a21ddf7d061ae96de15ef277a666

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
Size

88KB
MD5

0774c1a65a207eb2dcfd6f69f475dd6f
SHA1

c808d6a3002ded2aecea7c06ec1b0fcacfcb541a
SHA256

b17e90dbc92e95f56d53449756cee03dd644a21ddf7d061ae96de15ef277a666
SHA512

faafd3e44d3e7c9e6fe1eae6961f41ab07df402712b239627dc7f7892ca8ccaf5176889d2d6e5f10b3bc9cb4256a6eb4feb15799671c1863f600bc12d9148f8e
SSDEEP

1536:Wjl+2lHKITkBXkHbo/8kbrcJj6XWLAVufIC+wuQ944zU0tTpGybe/n93CZ:O5HKITkBXkHbo/8kbgj6XWLAVugwuQ9X

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1432-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/files/0x000f00000002325c-5.dat	upx
behavioral2/memory/1432-670-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-871-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1257-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1375-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1571-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1577-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1592-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1669-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1731-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1743-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1750-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/1432-1766-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\show_third_party_software_licenses.bat-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\pwahelper.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Uninstall.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\dotnet\dotnet.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{A22979E4-D188-4AF0-A888-04FE21284B11}\MicrosoftEdge_X64_122.0.2365.52.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\msedge.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\wabmig.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\elevation_service.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeUpdateComRegisterShell64.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\notification_helper.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\HelpPane.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\ImmersiveControlPanel\SystemSettings.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\bfsvc.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\HelpPane.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\explorer.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\hh.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Boot\DVD\PCAT\etfsboot.com-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\explorer.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\ImmersiveControlPanel\SystemSettings.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\MSBuild.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe-	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe	0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0774c1a65a207eb2dcfd6f69f475dd6f_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\odt\office2016setup.exe-

Filesize
5.1MB

MD5
46626d8a939a1e68d911a10849b2a1d5

SHA1
5c24e4c8294d5b28fca863c66a69023ee918303f

SHA256
27ffdbd65ba4cb9abafb28076169c1ebed1b9e3910f06d41b24abbd2eef64344

SHA512
ba3557ce517768765e0d3476eac9eb5df8cd16f1e2b2a30e87f1f3f2e8c115dbf8e2913eca4673debf59ee108630260648a25ee9f269ca703468ac0a7d6d8664

Download Submit
memory/1432-1571-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-670-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-871-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1257-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1375-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1577-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1592-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1669-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1731-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1743-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1750-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1432-1766-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download