92a82ea78a9afb6c129438156cd186899bf00c1701ce02a41264b377219aeb16

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 08:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
Size

55KB
MD5

733bc298334eff734ad5f53c6f718304
SHA1

1eb1a5461189e8ef8f20cc424143c660d8347fd9
SHA256

92a82ea78a9afb6c129438156cd186899bf00c1701ce02a41264b377219aeb16
SHA512

1075de003648ca579ac66884f034310900ad4380765a86c63b3d1858e021c1d57a42bc48e233195c963f5b6a3740e5ea3715c9eb75154a15d57a2685aa9a054b
SSDEEP

1536:Wjl+2lHKITkBXkHbo/8kv+lrbV9P3N1JUi787VKzLvwQEnKXhS:O5HKITkBXkHbo/8kv+lrbV9/N1JUi78f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/files/0x00080000000120fb-6.dat	upx
behavioral1/memory/2164-1151-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2164-3657-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2164-3661-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\CertEnrollCtrl.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dvdupgrd.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\help.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sfc.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SndVol.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ARP.EXE	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\finger.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\forfiles.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\help.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMESC5\IMSCPROP.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wlanext.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ARP.EXE-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DevicePairingWizard.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\calc.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\comp.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rrinstaller.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rrinstaller.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SearchProtocolHost.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xcopy.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dialer.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\find.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fsutil.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\IMCCPHR.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\net1.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RunLegacyCPLElevated.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autofmt.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\explorer.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bthudtask.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MigAutoPlay.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\recover.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\OptionalFeatures.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TapiUnattend.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wlanext.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\expand.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\taskeng.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WinMgmt.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\auditpol.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskcomp.com	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpapimig.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\secinit.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\vssadmin.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autochk.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\explorer.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mode.com-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TSTheme.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wimserv.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wowreg32.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\netbtugc.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\shutdown.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesProtection.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\IMEPADSV.EXE	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\ielowutil.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Windows Mail\wab.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7z.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.1.7600.16385_none_0da126f11187fafa\PresentationFontCache.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_0f49a133d6f5d42b\mmc.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_installutil_b03f5f7f11d50a3a_6.1.7601.17514_none_0826be6cc9481df4\InstallUtil.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-runas_31bf3856ad364e35_6.1.7600.16385_none_5fbe9f67bec0f818\runas.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.1.7600.16385_none_77536d124094b997\TpmInit.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.1.7600.16385_none_5da98f433f7e2878\where.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\ehome\ehprivjob.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_a69c6a8f23f521f3\diantz.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_6.1.7601.17514_none_0d6fabd7def3be93\PushPrinterConnections.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\AddInProcess32.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicepackcoordinator_31bf3856ad364e35_6.1.7601.17514_none_92e727843e307e1b\spinstall.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529\msg.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4\ARP.EXE-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_bfe4d387913dbb8f\ComSvcConfig.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.22172_none_86ab4a318a459fda\taskhost.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WinMgmt.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\poqexec.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-synchost_31bf3856ad364e35_6.1.7600.16385_none_c575fec016436d8a\SyncHost.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_d5bc65ffdc22ec35\TSTheme.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_994532c948ec8e69\aspnet_wp.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\NETFXRepair.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_cc12387f7062eb3b\cliconfg.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\rpcinfo.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\reset.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_cd93efad202e5fb6\bthudtask.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_d1d79dd7e49a786f\AdapterTroubleshooter.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sort_31bf3856ad364e35_6.1.7600.16385_none_ab9479767ad67fd7\sort.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Boot\DVD\PCAT\etfsboot.com-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\ehome\WTVConverter.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_761ad65676427bd9\sdiagnhost.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-security-tools-setspn_31bf3856ad364e35_6.1.7600.16385_none_dbfa9310f7d4d925\setspn.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\change.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_96421d40c0e2903e\aspnet_regbrowsers.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_dcb42ec76404494f\aspnet_regsql.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\xlog.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\LocationNotifications.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_1457169844ae9574\msinfo32.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-findstr_31bf3856ad364e35_6.1.7601.17514_none_2936f54db7f6c08f\findstr.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\ehome\MediaCenterWebLauncher.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc\iediagcmd.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb\MdRes.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\icsunattend.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskkill_31bf3856ad364e35_6.1.7600.16385_none_8172f0ac75c192a6\taskkill.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7600.16385_none_b6bc1aae9d0693c5\McxTask.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.1.7600.16385_none_3575d2dc8edf4a22\diskcopy.com-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\poqexec.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\chgport.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ca00459dda59f6f4\netiougc.exe-	733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\733bc298334eff734ad5f53c6f718304_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
986KB

MD5
770127403f67a3d5bb5c505b8244f400

SHA1
dc2bac473b37860b46acad22da79c2f06a6032f8

SHA256
24f26e8c6207526cb71622dc0e96c80f46ad8b5a236d38a62ad53b48f1de8243

SHA512
8d343771d723bac485660691cfce6d2b618f48147f56c63799812e30465e72a9fb6b8172d36d19d24c03fc2295886411997afd7b9f455d322dfe5aca29ae5e17

Download Submit
memory/2164-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2164-1151-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2164-3657-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2164-3661-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download