696a466793b336857dfab2cf00c0e1a290c783512d95c55eb3dc6150ce5326c5

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
Size

55KB
MD5

37c839d43641ccd77877b656d9f10967
SHA1

2b24f0713506ab3b8341b6a9205f6a66a345a59c
SHA256

696a466793b336857dfab2cf00c0e1a290c783512d95c55eb3dc6150ce5326c5
SHA512

5acc8011c9c9d3f8758a8e1a38484826b9349cc7b63cf5d977d5ea4d57a934d02fccae05208721573d11c30c1d4e10e27fb9ed0e862d03f5261d460659390be3
SSDEEP

768:W9BlZMP2l2wQ095aITkBXkVHthE99gH6MwOMF/AaS2RSePG:Wjl+2lHKITkBXkHthE2PwnF/AahSYG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/464-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/files/0x0009000000023470-5.dat	upx
behavioral2/memory/464-3743-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/464-4238-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/464-4239-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/464-4243-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wlanext.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regedit.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicpl.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\whoami.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Windows.Media.BackgroundPlayback.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\LaunchWinApp.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WSManHTTPConfig.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ComputerDefaults.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\esentutl.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexpress.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemUWPLauncher.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm.cmd	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\clip.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicpl.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\prevhost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\runonce.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\write.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\GamePanel.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\logman.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mstsc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nslookup.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TCPSVCS.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\expand.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SearchProtocolHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setupugc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sxstrace.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sfc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tasklist.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\BackgroundTransferHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\doskey.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\find.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\gpresult.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pcaui.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wlanext.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ROUTE.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\net1.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sdchange.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\chkdsk.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\finger.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msfeedssync.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sethc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\timeout.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wscript.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xwizard.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Register-CimProvider.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\unlodctr.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Utilman.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WPDShextAutoplay.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\ExtExport.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\setup_wm.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ktab.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Uninstall.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\setup_wm.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.19041.1288_none_1cec63974464878f\r\SenseIR.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.906_none_a892faef80a943dc\f\MuiUnattend.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_d0a876615f23523d\WmiPrvSE.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.19041.546_none_93b4a0a1641d085c\f\svchost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.19041.1266_none_e488d49c8a22d21e\f\winlogon.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.19041.844_none_52d476a2172491b6\provlaunch.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..tegrity-diagnostics_31bf3856ad364e35_10.0.19041.985_none_4a26c2c5164ad5c7\CIDiag.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ebviewhost.appxmain_31bf3856ad364e35_10.0.19041.746_none_e873f3aa792d8bb3\Win32WebViewHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..tnet-mua-hostserver_31bf3856ad364e35_10.0.19041.746_none_aee92417063babbe\WinRTNetMUAHostServer.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\explorer.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\f\Microsoft.Uev.CscUnpinTool.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bootux.deployment_31bf3856ad364e35_10.0.19041.746_none_1c0a97992f105d4b\r\bootim.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.19041.1237_none_665f7346099d6350\r\bdechangepin.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.264_none_583d67d6d00b6b6a\f\WerFaultSecure.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1202_none_b918e36ffc7a6ffe\f\ShellLauncherConfig.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\lsass.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1202_none_dfaaff89afe4f3d4\r\vdsldr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.19041.1165_none_a82485b8f343811f\WaaSMedicAgent.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.19041.1_none_03831cf8d49cee55\prevhost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.19041.844_none_c606f47e6aa94b5b\f\hvsievaluator.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1266_none_1befc89391e44c23\f\autoconv.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-secinit_31bf3856ad364e35_10.0.19041.1_none_47fda84da0bc8185\secinit.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.1_none_59b1b1137e3c1ce3\control.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.19041.1_none_d374a4c62c9f2643\LegacyNetUXHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_3f1cc1d15da468cf\f\typeperf.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.19041.264_none_a71c9f7fdcd899c5\f\SearchApp.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.19041.1_none_4eca52bc837e6422\BackgroundTransferHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\AppVDllSurrogate.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1288_none_64cb20c6329bf2bd\ntprint.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-webauth_31bf3856ad364e35_10.0.19041.746_none_099c40ad55bc5d6c\AuthHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.19041.1_none_f92e72a6a03c2c5a\prevhost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\bfsvc.exe	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-analog-facefodhandler_31bf3856ad364e35_10.0.19041.1266_none_1f1ff89fbf279f16\FaceFodUninstaller.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.19041.610_none_d94fa044111e8308\StartMenuExperienceHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.19041.546_none_ffd303094ff1fe66\r\auditpol.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.264_none_4de8bd849baaa96f\WerFaultSecure.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_a2c8d19f92a1cc22\PkgMgr.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.1266_none_e8d910c7c702b558\f\MusNotificationUx.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_datasvcutil_b77a5c561934e089_4.0.15805.0_none_5b1ada239e3b0505\DataSvcUtil.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-commandlinehelp_31bf3856ad364e35_10.0.19041.1_none_9470ed79dcf5eade\help.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.19041.1202_none_9fe20fdb296d6341\r\edpnotify.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.546_none_f827f008f8832bd5\r\rasautou.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_10.0.19041.1_none_cdd05846922cdabb\msdtcvtr.bat-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_10.0.19041.1_none_3451e3c68828f3da\smss.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.19041.746_none_c05346ae3e1a99a4\rundll32.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..services-sessionmsg_31bf3856ad364e35_10.0.19041.746_none_18cbe45e21fb4fcb\sessionmsg.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-deployment_31bf3856ad364e35_10.0.19041.746_none_e43cebe9807e08e3\r\setupugc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1165_none_28f87d0444103fde\r\fontdrvhost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\n\CExecSvc.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_5aba1063745f6e01\autofmt.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.19041.1_none_15d956c7fccae922\runas.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-settingsynchost_31bf3856ad364e35_10.0.19041.1202_none_f4a35974d85ff180\r\SettingSyncHost.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.84_none_b5c0f628d1d661eb\f\Narrator.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.19041.746_none_b3df5aa8d99e9b89\TSTheme.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-usercpl-usermgrbroker_31bf3856ad364e35_10.0.19041.746_none_fefa067e67e7af8b\UserAccountBroker.exe-	37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\37c839d43641ccd77877b656d9f10967_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe-

Filesize
600KB

MD5
c7dfb05461bc5740a3f462c79f0d21a8

SHA1
fbc512130aef03c015f75966cee720d7d1b99e26

SHA256
aef3d86b548dcc3f8c878fb187432b14578de49eeba2b2c0234e97d4d6b139c7

SHA512
b38407dc71beca60e6f56a89bae386f0bae5f4c8102c57e8fdaa896f9f2edef1eda94d93403482862e084777a6c69610709bc016e5993dd6d6001e27093d8daf

Download Submit
memory/464-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/464-3743-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/464-4238-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/464-4239-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/464-4243-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download