Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 13/08/2024, 22:41
Behavioral task: behavioral1
Sample: 9508f644ca6931f2163572761cb331ee_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 9508f644ca6931f2163572761cb331ee_JaffaCakes118.exe
Size: 225KB
MD5: 9508f644ca6931f2163572761cb331ee
SHA1: 42c01a00544781f49cd1f89a37f3bff9c9d02cbb
SHA256: 7350cf1ef2ae4a2dfb7e03a9228924ec6a114b5196172f0caec3be6b4e86c0be
SHA512: f2cbfd4be0a7bd289588c26ff494ae24c0eee47f34c047ce1bac5ea945e912fa5d5e64cf47bff0d8c2e353cbaa934905b971265f5e599fa675fb4e6e3d85fc31
SSDEEP: 3072:O5sPGQe5sX6dehxxjq0Fp2XAdff3+Jg/P44xpflta2c935a4ZxPM/WJOi8s:PGtsDPOXAdff3CgzuZQYOiD
Malware Config
Signatures
resource / yara_rule
behavioral1/memory/2404-0-0x0000000000400000-0x000000000040F000-memory.dmp / upx
behavioral1/files/0x0007000000016cd7-6.dat / upx
behavioral1/memory/2404-3660-0x0000000000400000-0x000000000040F000-memory.dmp / upx
behavioral1/memory/2404-3664-0x0000000000400000-0x000000000040F000-memory.dmp / upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Downloads
Filesize: 1.1MB
MD5: 5362a2d883648fa1c66e0a6a54a0477a
SHA1: 5180205e3138345d1cfe4ff4a83d45d0bf581045
SHA256: 8944e6b0540e272390b0889b45dce899dae244d21c0db7c76e2c9fed4945d3c8
SHA512: beff5f661dcc1fc36ed78f3411995aed705859050c09ad727a0db70f270863489cda892fcb92f6a06e0ce8a4d5cf23b615fdef77a9343179cc9a366205778cd2