696a466793b336857dfab2cf00c0e1a290c783512d95c55eb3dc6150ce5326c5

Analysis

max time kernel
61s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
Size

55KB
MD5

37c839d43641ccd77877b656d9f10967
SHA1

2b24f0713506ab3b8341b6a9205f6a66a345a59c
SHA256

696a466793b336857dfab2cf00c0e1a290c783512d95c55eb3dc6150ce5326c5
SHA512

5acc8011c9c9d3f8758a8e1a38484826b9349cc7b63cf5d977d5ea4d57a934d02fccae05208721573d11c30c1d4e10e27fb9ed0e862d03f5261d460659390be3
SSDEEP

768:W9BlZMP2l2wQ095aITkBXkVHthE99gH6MwOMF/AaS2RSePG:Wjl+2lHKITkBXkHthE2PwnF/AahSYG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/files/0x000a0000000174d0-6.dat	upx
behavioral1/memory/2064-878-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2064-1876-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2064-3662-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2064-3663-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2064-3664-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2064-3665-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2064-3669-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\explorer.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\psr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tzutil.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cscript.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icacls.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPUEX.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\isoburn.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PresentationHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wuapp.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\efsui.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sethc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tasklist.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\takeown.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\forfiles.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SetIEInstalledDate.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SndVol.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\logman.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rasdial.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesHardware.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cleanmgr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjppdmg.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\netiougc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\schtasks.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dccw.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Magnify.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mfpmp.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\verclsid.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wecutil.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\chkdsk.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lodctr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setup16.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\raserver.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\clip.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mfpmp.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bootcfg.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cttune.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hdwwiz.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regini.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setupSNK.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\where.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DisplaySwitch.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\migwiz.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rrinstaller.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\reg.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\shrpubw.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\com\comrepl.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ieUnatt.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDCT.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xwizard.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fixmapi.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\runonce.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm.cmd-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ocsetup.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TpmInit.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wiaacmgr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\driverquery.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpshare.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpenc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\java.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_narrator_31bf3856ad364e35_6.1.7601.17514_none_e18f9f5aaa2eda72\Narrator.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.17514_none_2d3b8ff08901343f\DismHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_b6a71a3466cfbde7\evntwin.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_fb26c75d92790b8f\setupSNK.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.1.7600.16385_none_b55b5e1094b0283d\certutil.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\ehome\RegisterMCEApp.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.1.7600.16385_none_8fbb77bb3cd808d1\pcawrk.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7600.16385_none_696bcc240bce3ca9\odbcconf.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasautou.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-verclsid_31bf3856ad364e35_6.1.7600.16385_none_bbbd275974c7e191\verclsid.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_1838ef0586d5af46\syskey.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_6.1.7600.16385_none_2b2984d40648fbe7\Locator.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\MultiDigiMon.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_9f01d3f4c9ca5275\aspnet_regiis.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\print.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_6.1.7600.16385_none_8d6c9c807200865a\TSWbPrxy.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-addinprocess_31bf3856ad364e35_6.1.7601.17514_none_8ebd3037635a8b2f\AddInProcess.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_wcf-icardagt_exe_31bf3856ad364e35_6.1.7600.16385_none_31ae00ebd2fb34b5\icardagt.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_558f74866ddb8017\MSBuild.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\SpeechUXWiz.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-whoami_31bf3856ad364e35_6.1.7600.16385_none_2a716ffd9b872f68\whoami.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\iissetup.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\perfmon.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\posix.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_ieexec_b03f5f7f11d50a3a_6.1.7600.16385_none_53678ee8c3f93f6b\IEExec.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-runonce_31bf3856ad364e35_6.1.7601.17514_none_17c23e881d4a0b0b\runonce.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\ehome\Mcx2Prov.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_6.1.7601.17514_none_6ba44fa419d13382\msoobe.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_6.1.7601.17514_none_5840c326cdf5dca9\manage-bde.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-synchost_31bf3856ad364e35_6.1.7600.16385_none_c575fec016436d8a\SyncHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sqm-consolidator-base_31bf3856ad364e35_6.1.7601.17514_none_326571587836a400\wsqmcons.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_addinutil_b77a5c561934e089_6.1.7601.17514_none_1a816bc7556b71eb\AddInUtil.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7601.17514_none_144b6bd462e4a41b\vbc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSSVC.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_ef38a8d0d05cc2c7\IMJPUEX.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.1.7600.16385_none_6a5b38699f97e38d\imjppdmg.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7600.16385_none_a8464accb5a91f59\WTVConverter.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.1.7600.16385_none_ff7cf696bfb54620\ucsvc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_6.1.7600.16385_none_d7c180d4bd657495\iscsicpl.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_fe7d1685575edfa6\grpconv.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\unsecapp.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_3b3f55233d47d4f2\gpupdate.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-write_31bf3856ad364e35_6.1.7600.16385_none_5f5928533e6b72c0\write.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wlan-extension_31bf3856ad364e35_6.1.7600.16385_none_55d820d53d0a8fa3\wlanext.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_7a1e2959bc43abd5\DpiScaling.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\chcp.com-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_ae2743278c281682\net.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\change.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
986KB

MD5
36da53b667383d44dcf923b4ed8ed82b

SHA1
dd2cde67690f69362650cd4c3c395b58a9bbce02

SHA256
40ad7a7ceed007843cdb7440863baf1349b7bc444c18795511bc6c96161ef073

SHA512
2bd8c7e63b7c702d4d08f684558df10a34db447fba813a7d7cee1802253213637e85ad1a1a6faeb3233df501714866663e9fb77a63582d7d90953c673eaf695a

Download Submit
memory/2064-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-878-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-1876-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-3662-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-3663-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-3664-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-3665-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2064-3669-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download