f6c0f7829324039c3ccbd79080038b43ce712b6bdd6c5925a22a963da3e6482d

Analysis

max time kernel
149s
max time network
132s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
Size

4.8MB
MD5

0020890a6fd2b80f5dbad4c031bf41a7
SHA1

78755049b701a8995b11c7c8caf0dfd3523f364a
SHA256

f6c0f7829324039c3ccbd79080038b43ce712b6bdd6c5925a22a963da3e6482d
SHA512

f653d0dca0ebdab688d752516de148e53ca8530cb37cedd10fc9dda67b4c7b86c30772ce2d826b278b073cf0944425909a2a0ccbf712b1a8fe8f6c37804b85ac
SSDEEP

49152:X/dvDllJVHgOGfAVHgOGfdBM+JnwSN2QVHgOGf:VvDllvHgObHgOETww2UHgO

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\icsunattend.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Robocopy.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\user.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\esentutl.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mstsc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\mofcomp.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\label.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\verifier.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WPDShextAutoplay.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\forfiles.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setup.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\RMActivate_isv.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\shrpubw.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\makecab.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sort.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\compact.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drvinst.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\findstr.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC10\IMTCPROP.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mobsync.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regedit.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MigAutoPlay.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PushPrinterConnections.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WerFault.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wextract.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dnscacheugc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP10\IMJPDCT.EXE	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\newdev.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\upnpcont.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WMIADAP.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\grpconv.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\rasdial.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tracerpt.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\charmap.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dcomcnfg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\odbcad32.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wininit.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\attrib.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cleanmgr.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ktmutil.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\poqexec.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\psr.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\resmon.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cmmon32.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\diskraid.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dvdplay.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\perfmon.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Utilman.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\xcopy.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dllhost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\extrac32.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\gpresult.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\regedt32.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ftp.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ntoskrnl.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_11.2.9600.16428_none_eace14b8d6178cca\SetIEInstalledDate.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\BrmfRsmg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cttune_31bf3856ad364e35_6.1.7600.16385_none_0f797e18d8361ef2\cttune.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-getmac_31bf3856ad364e35_6.1.7600.16385_none_67f38861bbac1910\getmac.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d\CasPol.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.1.7600.16385_none_0c9cb55c61e99805\dcomcnfg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01\BrmfRsmg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683\driverquery.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\ehome\mcspad.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\IMEPADSV.EXE	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\aspnetca.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\ehome\mcGlidHost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22091_none_d2b1c721321aadf8\conhost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-international-core_31bf3856ad364e35_6.1.7600.16385_none_459f562ff37206dd\MuiUnattend.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-deployment_31bf3856ad364e35_6.1.7600.16385_none_57e3e87206ff08ca\setupugc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisreset.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\ehome\ehexthost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eventcreate_31bf3856ad364e35_6.1.7600.16385_none_3157c24b5944e2a3\eventcreate.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcglidhost_31bf3856ad364e35_6.1.7600.16385_none_05a2b72417ec1c6a\mcGlidHost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Speech\Common\sapisvr.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\ehome\ehshell.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-autofmt_31bf3856ad364e35_6.1.7601.17514_none_441a424cd5cda219\autofmt.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_03d0d3c435b27637\clip.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_c33f455aebcd9dbb\bthudtask.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\ehome\ehrec.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFHost.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_6.1.7600.16385_none_e63ed98817cf16b1\Eap3Host.exe	0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0020890a6fd2b80f5dbad4c031bf41a7_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Filesize
4.9MB

MD5
60b8e358824b07a02f3c77f218f7a796

SHA1
1451f5562aa9620954b6658811f81aae5e202a03

SHA256
efcc3a9c7d6015f0297f91edfb2318fc6f7f5069195288561ee6d28dfe0a47c6

SHA512
ff25ccab7db4eb3cb8fd92758096b1757081d620323408db44351130a4f02dc9e54c4212569252a1708fee1c04c078ef94c58fcb6a84b6f0d2f27e575c44c342

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads