5083492f1e7e3784a026326a71fd456184856df045f1ac491576850e8b291b37

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
Size

57KB
MD5

46beb6c7262e8d8cac748eb8ca6f643c
SHA1

382626c4ece0fea7bf07825a6a6e027726240081
SHA256

5083492f1e7e3784a026326a71fd456184856df045f1ac491576850e8b291b37
SHA512

799c179a74d9e1a06dcbf87c35c4ef92f4a5f90c80c78a086d228cdbf5d887a1d58484c318253d145208e9000017007288819206f5d95364d0f452f83a03e458
SSDEEP

1536:Wjl+2lHKITkBXkH/e7xOm8XLM6MLcfLhhR2Pi6:O5HKITkBXkH/GOmR6MLcfLhqPl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/592-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/files/0x000b000000012118-6.dat	upx
behavioral1/memory/592-3661-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/592-3666-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\NETSTAT.EXE	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\relog.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\certutil.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ieUnatt.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\logman.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WMIADAP.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\clip.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmdkey.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\odbcconf.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PkgMgr.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\typeperf.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\calc.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\format.com-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\isoburn.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dvdplay.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hh.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ocsetup.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Ribbons.scr	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\secinit.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cleanmgr.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmd.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\control.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setx.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Utilman.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\secinit.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WmiPrvSE.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RpcPing.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dnscacheugc.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ntkrnlpa.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\print.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\proquota.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cliconfg.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmdkey.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autochk.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autofmt.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MuiUnattend.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SetIEInstalledDate.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setupSNK.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\finger.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPMGR.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msiexec.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhost.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tzutil.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mfpmp.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\poqexec.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regini.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\compact.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpapimig.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\netsh.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TSTheme.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wuapp.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xcopy.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\wmpenc.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\setup_wm.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Uninstall.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ehome\McxTask.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_6.1.7600.16385_none_e63ed98817cf16b1\Eap3Host.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-getmac_31bf3856ad364e35_6.1.7600.16385_none_0bd4ecde034ea7da\getmac.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_cc12387f7062eb3b\cliconfg.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_0becd32d7b9ba9e5\bootcfg.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_67910dfbf63c4aae\diskraid.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx35cdf-csd_cdf_installer_31bf3856ad364e35_6.1.7600.16385_none_58326e688d4907c6\WFServicesReg.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.2.9600.16428_none_3bb1024f1e6bc086\mshta.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.1.7600.16385_none_998ff5c741ae3fb1\NAPSTAT.EXE-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-ldr64_exe_31bf3856ad364e35_6.1.7600.16385_none_f98e4869675ab367\Ldr64.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_6.1.7601.17514_none_b532bb17fea7ee9a\LinqWebConfig.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.1.7600.16385_none_44d62330646f757a\DeviceEject.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-label_31bf3856ad364e35_6.1.7600.16385_none_570561eb2b9c151d\label.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7600.16385_none_44263d819f0aa19e\odbcad32.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\write.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_a5a135380060b978\aspnet_compiler.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmpshare.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_6.1.7601.17514_none_331c32d99bebbdac\mip.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_009cfaa696afe78b\fc.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_b6cb9ed71c8b43d5\SystemPropertiesPerformance.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_806f80a8aaa33dd4\sdiagnhost.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\SvcIni.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autofmt_31bf3856ad364e35_6.1.7601.17514_none_441a424cd5cda219\autofmt.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_6.1.7600.16385_none_2e9f92abd2ce43b6\hh.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_eb5947ea4debcf36\RMActivate_isv.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_d06ac9aad230c1d6\fsquirt.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSUNATD.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39\PurblePlace.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\setupsqm.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\tabcal.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-xcopy_31bf3856ad364e35_6.1.7600.16385_none_beea9c500dfd4622\xcopy.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\AddInProcess32.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\icsunattend.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\ehome\loadmxf.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\regedit.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_114ca177b1fcad24\newdev.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-devicepairingapp_31bf3856ad364e35_6.1.7600.16385_none_6f74b7d163601da2\DevicePairingWizard.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\IMCCPHR.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.1.7601.17514_none_eedf2e0751865eb2\PkgMgr.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7601.17514_none_ba1c770af0b2031b\cvtres.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\typeperf.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_6ff39cfbb8057a05\cliconfg.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ribbons_31bf3856ad364e35_6.1.7601.17514_none_8abc4ded863e0452\Ribbons.scr-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7600.16385_none_b8db1dc46558b805\evntcmd.exe-	46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\46beb6c7262e8d8cac748eb8ca6f643c_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
988KB

MD5
aab4344fbcb020642db2840fd53435fb

SHA1
dee7514c63c70460dbace8aed021bf84272b287f

SHA256
54953170e8f63184bf8d81f105433b274be5df21f72323ce1461b115f735305f

SHA512
4f7048efeea7aedc9163327c235fa2af445704425c61d61e35bd29c3ac4233e8b7b154e6b76e8432386d095a64f909d7bf8fcfa915b0e48a2f100ab49f643e2c

Download Submit
memory/592-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/592-3661-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/592-3666-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download