Analysis
max time kernel: 76s
max time network: 18s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 13-07-2024 13:43
Behavioral task behavioral1
Sample: 41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task behavioral2
Sample: 41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
Size: 1.4MB
MD5: 41ea9d964ebe1ac2e65889c44f1c0fbf
SHA1: 7be450612181fdd95361dc9a8261a60b932eb551
SHA256: dbbe7ffa98610a7a360ac12d76492efe50a0aa50a41dc243e6b783475ffdecf9
SHA512: 57a7e435831642631b5a2a37585012322cd527296500af8e45c5a7a375b0d7e43a5e7d79c72372f68c86141b85d0cc19169f38e06b0f3e7644e561ba7c789bd6
SSDEEP: 24576:wIbsVhnUUvaSzm6R6G7mN8gT2d+lmlXuwDjZHqfia7Dw9JLvOG7404o50:ZCWUiSfR6WI8gT2Ylmlew5K6a7Dw9dHe
Malware Config
Signatures
resource yara_rule
behavioral1/memory/2304-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/files/0x000a000000012264-6.dat upx
behavioral1/memory/2304-1717-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/2304-3664-0x0000000000400000-0x000000000040F000-memory.dmp upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Downloads
Filesize: 2.3MB
MD5: 94db43463b219b6e6f1f50234e5768f3
SHA1: 9512fbc34d814b6b1e3dd1c637322a64e2aeecd7
SHA256: 5802e8045062a1f4d465478b0514fa7a1908b212f165a16303aa9c6014d66f7d
SHA512: d699a4efc196811b60af5939cd57928996376d0be23ac5c273291ec938f29f9573196041212f1a2dd35529a861d3c54cd6504e04154ba167fb5068c433702128