dbbe7ffa98610a7a360ac12d76492efe50a0aa50a41dc243e6b783475ffdecf9

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
Size

1.4MB
MD5

41ea9d964ebe1ac2e65889c44f1c0fbf
SHA1

7be450612181fdd95361dc9a8261a60b932eb551
SHA256

dbbe7ffa98610a7a360ac12d76492efe50a0aa50a41dc243e6b783475ffdecf9
SHA512

57a7e435831642631b5a2a37585012322cd527296500af8e45c5a7a375b0d7e43a5e7d79c72372f68c86141b85d0cc19169f38e06b0f3e7644e561ba7c789bd6
SSDEEP

24576:wIbsVhnUUvaSzm6R6G7mN8gT2d+lmlXuwDjZHqfia7Dw9JLvOG7404o50:ZCWUiSfR6WI8gT2Ylmlew5K6a7Dw9dHe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2124-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/files/0x0009000000023401-5.dat	upx
behavioral2/memory/2124-4257-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/2124-4261-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wscadminui.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dfrgui.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setup.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ReAgentc.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\driverquery.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\eventcreate.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\instnm.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mmgaserver.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nslookup.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\resmon.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dcomcnfg.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhost.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexpress.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicpl.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Robocopy.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Windows.WARP.JITService.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\provlaunch.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Register-CimProvider.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RpcPing.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\schtasks.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\net1.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\notepad.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WSManHTTPConfig.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\attrib.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autochk.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mmc.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ctfmon.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dxdiag.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mobsync.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RdpSaUacHelper.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regedit.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechModelDownload.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\MigRegDB.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\gpresult.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\label.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pcaui.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\relog.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sethc.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\CloudNotifications.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmdl32.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\finger.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WWAHost.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\CloudNotifications.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\choice.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dialer.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\EhStorAuthn.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icacls.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ipconfig.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\newdev.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ttdinject.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wusa.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\nacl_irt_x86_64.nexe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\wabmig.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.41\MicrosoftEdgeUpdate.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.41\MicrosoftEdgeUpdateOnDemand.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.153_none_7799fc2afae9a500\MDMAppInstaller.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.19041.1_none_15114cf4ffe3136a\cmmon32.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.19041.1288_none_3f2d1be96237886e\r\WSManHTTPConfig.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_8a8440f738abd1b9\r\wmpconfig.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.19041.1_none_8a11dbe22c9bf6e1\msfeedssync.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.906_none_9e3e509d4c4881e1\f\MuiUnattend.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.84_none_3e82ed1fe15c67db\rstrui.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.1151_none_ec390bd802a1c630\f\SearchProtocolHost.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-utilman_31bf3856ad364e35_10.0.19041.746_none_eaf7a50dc46d5592\Utilman.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\Temp\PendingDeletes\b719614236e5d701619700001815341f.uwfservicingscr.scr-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_d38e81565538dedf\logagent.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.19041.1_none_683b3c51d469e51b\LicenseManagerShellext.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-tetheringservice_31bf3856ad364e35_10.0.19041.746_none_6ba9668b45cb4938\r\IcsEntitlementHost.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..extservice.appxmain_31bf3856ad364e35_10.0.19041.423_none_2cade1bc915dca0d\f\Microsoft.AsyncTextService.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.19041.746_none_5fb37340a423d88f\r\PrintBrmUi.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.264_none_8bd2f5fc0c992e06\SearchFilterHost.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_d1d4cd9c4b409594\TabTip32.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.19041.153_none_95ba73d08e5f739c\f\provtool.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.19041.746_none_790f12933fbf7e0d\f\tpmvscmgrsvr.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\finger.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.19041.572_none_90e9bab3cbbfd71a\r\djoin.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.1_none_4e633e7ac2500190\mspaint.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\r\hvsimgr.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.19041.746_none_63b0fc68ee30f2cb\IMESEARCH.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_ed4855448241f7e7\r\Magnify.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1_none_b0493212512a7f1a\ntprint.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.19041.1202_none_d081cba554088913\f\slui.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.844_none_f3894559140c31d7\f\imjpuexc.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.19041.1_none_c10c5c59091a9a90\comp.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bubbles_31bf3856ad364e35_10.0.19041.1_none_246f53bf694f27f8\Bubbles.scr-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.1_none_171488549e32a4d3\typeperf.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_3f1cc1d15da468cf\f\typeperf.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_8b2066136dd02eb6\TiFileFetcher.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.19041.1_none_0f750b10a0559386\IMTCLNWZ.EXE-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.844_none_ef8661e4d6535c5c\TabTip.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..mnotificationbroker_31bf3856ad364e35_10.0.19041.746_none_a5ade2e84580e250\DmNotificationBroker.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.19041.153_none_4e0da8ffdd43ed0d\NetCfgNotifyObjectHost.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.19041.746_none_4b1a1978d1832a5f\r\OpenWith.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.19041.423_none_d8a242bf396f7d4d\SpaceAgent.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_10.0.19041.1_none_0cfdc32c8765ead4\LinqWebConfig.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.546_none_f827f008f8832bd5\r\rasautou.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..-commandline-dsacls_31bf3856ad364e35_10.0.19041.1_none_a2eda420e70d2fc8\dsacls.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.173_none_38fc88f8cb913df1\f\winload.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_addinprocess32_b77a5c561934e089_4.0.15805.0_none_429bcf7adb8e23ed\AddInProcess32.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.746_none_4b0e3418084b5511\f\EaseOfAccessDialog.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.546_none_f786fa028426f858\fltMC.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.19041.1202_none_9fe20fdb296d6341\edpnotify.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_9a152e76298cd801\wmlaunch.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..management-omadmprc_31bf3856ad364e35_10.0.19041.844_none_93c03ca99a47dc8f\omadmprc.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\r\logagent.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.19041.1_none_a47f90601a54e2cd\dialer.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe-	41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41ea9d964ebe1ac2e65889c44f1c0fbf_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe-

Filesize
1.9MB

MD5
02225dee45e6910bb700f8bfb65d056b

SHA1
a1916a2ea4256c7043935d07af0a4eff7064a47c

SHA256
902010c10932f746731456fba11c1c44343ed841202a7792c760962548ecadf7

SHA512
b7e8cef6d962e9ce0664d906bee975e58f05f22315e81648489a1ec9b12dd587f583f1bc89f711a6c60e42874562fe2346c32de77ffe999c38381a92afc1570a

Download Submit
memory/2124-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2124-4257-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2124-4261-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download