09a2abf5ee6e6e68e7b16d315c00295d8cce34f987a8fbdc83dfe1b8f0853337

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
Size

58KB
MD5

7728703c4860fed73a7a1104f46941fd
SHA1

1a4b23898ed1fc5b1e3e772faee7dc2fb46eb447
SHA256

09a2abf5ee6e6e68e7b16d315c00295d8cce34f987a8fbdc83dfe1b8f0853337
SHA512

9ddc72a1773176af71c2057892623b4b55911c824dfc59686d84f29a6004232335b1b04fca69c78760e455ded55a546a1f0796cbe47accd35a889703335d09c6
SSDEEP

768:W9BlZMP2l2wQ095aITkBXkVHZZSq0vGmme6TAaS2RSePH:Wjl+2lHKITkBXkHZwq0gTAahSYH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2312-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/files/0x000700000001875f-6.dat	upx
behavioral1/memory/2312-3668-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2312-3673-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\RegisterIEPKEYs.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\scrnsave.scr-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmd.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\extrac32.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fltMC.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msra.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DisplaySwitch.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lodctr.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\migwiz.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fc.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\proquota.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Robocopy.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrs.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\compact.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icardagt.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\takeown.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\autochk.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskraid.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\finger.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ssText3d.scr	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wextract.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrshost.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dnscacheugc.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\driverquery.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setx.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\srdelayed.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\subst.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cttunesvr.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsunattend.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dialer.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\PostMig.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp_isv.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sdchange.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\certutil.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\efsui.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\explorer.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\expand.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\clip.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\comp.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ctfmon.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winver.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskcopy.com	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\netsh.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\taskmgr.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iscsicli.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\net1.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nslookup.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RmClient.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Robocopy.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\eventcreate.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\help.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tcmsetup.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wecutil.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm.cmd-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zFM.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Uninstall.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\ExtExport.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Uninstall.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_6.1.7600.16385_none_fd9ec705e687f8c2\WMIC.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_6.1.7600.16385_none_45fe6fe8a9201e55\comrepl.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_6.1.7600.16385_none_5da314d233bb2676\dvdplay.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-netcfg_31bf3856ad364e35_6.1.7600.16385_none_6c23cd5f6b2a8dbc\netcfg.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_7df14b591094e7ec\TsUsbRedirectionGroupPolicyControl.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\ehome\RegisterMCEApp.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379\msinfo32.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_7288349cbfd37b08\taskmgr.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_infocard_b77a5c561934e089_6.1.7601.17514_none_9fe7c337d52f2ea7\infocard.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.1.7601.17514_none_8c46e17f1398738b\schtasks.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.1.7600.16385_none_e3aea9874278550c\cofire.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff\wmpenc.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrs.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\relog.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_25cb021dbc0611db\dxdiag.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.2.9600.16428_none_b436382b203656be\ExtExport.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_a82ee2a7319fa8f8\ipconfig.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_6.1.7601.17514_none_6ba44fa419d13382\msoobe.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_5f774c61592c67c3\netsh.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_04de43c774cf8fe3\alg.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_558f74866ddb8017\MSBuild.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.1.7601.17514_none_c0f01f501d19ea73\ehexthost.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b622bd1115139e\SMSvcHost.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\poqexec.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.5.7601.17514_none_af500e3c7fc49bc4\wuapp.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_a0cf62efee3228a3\wab.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.1.7600.16385_none_7c5b469993c3ad32\jsc.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\wscript.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\AddInProcess32.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.1.7600.16385_none_7351a917d91c961e\expand.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-robocopy_31bf3856ad364e35_6.1.7601.17514_none_c90e996c4aa655c4\Robocopy.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_eb5947ea4debcf36\RMActivate_isv.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iissetup.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchProtocolHost.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_114ca177b1fcad24\newdev.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_a2fcd94e8fba36f5\RMActivate.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\ehome\ehtray.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\ehome\MediaCenterWebLauncher.exe	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\diskpart.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_16699919077609d2\taskmgr.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.1.7600.16385_none_d2fff1dae966863c\csc.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b\aitagent.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\chcp.com-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\Solitaire.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025\msdt.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe-	7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7728703c4860fed73a7a1104f46941fd_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
989KB

MD5
dfceb203b72c1ea83a09b8c5e7dfcec4

SHA1
f7339aedafb4f7e9b3575c188235f01755073014

SHA256
e1414c9a4574160862f59c035d970e1fa2dd4eb880213d4ab4730b79a6648c4d

SHA512
736e3dd2cf3c6dbbf7d48eb896137d4d3d33eab885fd44df67e7fed4967256b4e485d1a8f9d45ff8da7ea3be44dab4f24ec40cdca6b9bac734304102cb99c028

Download Submit
memory/2312-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2312-3668-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2312-3673-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download