73f52abd6fd716a05c19308e6442de9a1db656e90b6bcfa2faa96990b0bafdda

Analysis

max time kernel
93s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
Size

186KB
MD5

2f54a01bc234bf09293af2fd9eb6395e
SHA1

65ab244b54d7f13eed6a35d2c7a680021b62ff25
SHA256

73f52abd6fd716a05c19308e6442de9a1db656e90b6bcfa2faa96990b0bafdda
SHA512

a5835e732cd7572187f726a87d0cffffcd643bfc7b6313efc60cfbe703f05b93669095d466ae4f844bbb4ac91d495b742066d93a6ed03a5f62dd4bc5fd21896b
SSDEEP

3072:MaufY4vmTnvxV9ocXiBqXbr6H7TrxXhoF8Ro9rBfVyb:SYuInpoCYqf6bpX+Fso

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_elf.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\skchobj.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipanel.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_gd.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PackageManagement.ArchiverProviders.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ro.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_zh-CN.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\penjpn.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_tt.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_en-GB.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_km.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_pt-PT.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\Microsoft.PowerShell.PackageManagement.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_iw.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_sq.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ca.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_et.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_fa.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_hu.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_lv.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_as.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\Microsoft.PackageManagement.resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateCore.exe	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\control.ini	2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f54a01bc234bf09293af2fd9eb6395e_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3380-0-0x0000000001000000-0x0000000001030FB8-memory.dmp

Filesize
195KB

Download
memory/3380-2-0x0000000001000000-0x0000000001030FB8-memory.dmp

Filesize
195KB

Download
memory/3380-1-0x0000000001005000-0x000000000102E000-memory.dmp

Filesize
164KB

Download
memory/3380-4-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/3380-3-0x0000000000750000-0x0000000000754000-memory.dmp

Filesize
16KB

Download
memory/3380-5-0x0000000001000000-0x0000000001030FB8-memory.dmp

Filesize
195KB

Download
memory/3380-8-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/3380-9-0x0000000001005000-0x000000000102E000-memory.dmp

Filesize
164KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads