f5e5b653fcea880920d55c55290d0122530e01e14d255be657c1a8cd5f2a4e71

Analysis

max time kernel
64s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
Size

67KB
MD5

b2fbbb7a2d808da2714c3b1885200a5a
SHA1

290bb7b3a92c83e21f0ed867e431ec9ab23e798e
SHA256

f5e5b653fcea880920d55c55290d0122530e01e14d255be657c1a8cd5f2a4e71
SHA512

da3ec2082ce13cd50a9f80d5c97320183faa0913101d85afae6e2aacaa0d9692b0ae66077e2f86cf84ace30b63f975fd56e199116bb3844d3ce6cf9ddb0fed74
SSDEEP

1536:PHGbsU92zp5USqVQ6q0wbj4fnwbdcEwXj6IM:PLU92zp2SqVQ6qL4zzj6H

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBP0.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\migfiles.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\SFLISTLH.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\tsprint-datafile.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wiaca00b.inf_amd64_neutral_1aaa057d3d52ea43\CNC980N.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wiaca00b.inf_amd64_neutral_1aaa057d3d52ea43\CNC980W.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\SFCN.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\drvindex.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\com\comempty.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBP1.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBE4_0.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wiaca00a.inf_amd64_neutral_163313056d8f34ab\CNC970W.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\SFLCID.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dssec.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mlang.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBP40.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBP2.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBP41.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBP42.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\NOISE.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\SFLISTW7.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\SFLISTXP.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe

Drops file in Program Files directory 53 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.DOC	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHKEY.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHLEX.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ENGDIC.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.PPT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre7\lib\currency.data	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\STOCKS.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHLTS.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHPHN.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\UndoGrant.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\JFONT.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\LOOKUP.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTFORM.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OCRHC.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ENGIDX.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHSRN.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OCRVC.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OUTLFLTR.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tw_gu.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_65c533f1c582e47c_perfi.dat_e3a35ecf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\krprint.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4dbc16709fc64660_perfh.dat_e67d1236	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0409\perfi.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Internal.Tasks.Dataflow	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\ShellNew\PWRPNT12.PPTX	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c342610ed289dc75\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0411\perfd.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\Tasks\SA.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\SFLISTXP.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tw_ku.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0410\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0411\perfi.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_cd7aeeff1897d018\perfd.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-t..-coreinkrecognition_31bf3856ad364e35_6.1.7600.16385_none_498d334c14a3b9bb\hwrcommonlm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.de-ch.ale_31bf3856ad364e35_6.1.7600.16385_de-ch_5112a34eed396fb9\hwrdeslm.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\jptree.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tcprint2.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_65c533f1c582e47c_perfh.dat_e67d1236	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4dbc16709fc64660_perfc.dat_f4bd9339	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1820774de6bd4d16_perfc.dat_f4bd9339	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\jpserht.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0dcaa2ad5c24a80_perfi.dat_e3a35ecf	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_cd7aeeff1897d018_perfc.dat_f4bd9339	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0407\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1820774de6bd4d16\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c342610ed289dc75\perfd.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_f212a9458fcfdbd5\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-sendmail_31bf3856ad364e35_6.1.7600.16385_none_b6de6c0835b43484\Mail Recipient.MAPIMail	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.fr-fr.ale_31bf3856ad364e35_6.1.7600.16385_fr-fr_561b7e5396352289\hwrfrash.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tctree.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_f212a9458fcfdbd5_perfh.dat_e67d1236	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_wiaca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_9a3fc1497fbc9081\CNC980W.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0407\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\040C\perfd.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0C0A\perfd.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_65c533f1c582e47c\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\krserht.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\ocrvc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tw_uk.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0407\perfd.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_72414f35fc718b5d\ieapfltr.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tcserht.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_prnca00x.inf_31bf3856ad364e35_6.1.7600.16385_none_e90677c70609283c\Amd64\CNBP1.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1820774de6bd4d16_perfh.dat_e67d1236	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0000\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0000\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0411\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c342610ed289dc75\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_f212a9458fcfdbd5\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\tw_ug.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\inf\PERFLIB\0C0A\perfh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.16428_none_dde9296580ccbddf\ieapfltr.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_cd7aeeff1897d018\perfc.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-t..cognition.ca-es.ale_31bf3856ad364e35_6.1.7600.16385_ca-es_e8793c088306008d\hwrcatsh.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\pscomps.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_prnca00z.inf_31bf3856ad364e35_6.1.7600.16385_none_ea189c313845a10e\Amd64\CNBP40.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_prnca00z.inf_31bf3856ad364e35_6.1.7600.16385_none_ea189c313845a10e\Amd64\CNBP41.DAT	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
File opened for modification	C:\Windows\winsxs\amd64_tsprint.inf_31bf3856ad364e35_6.1.7601.17514_none_ca1bed7d5beee2f8\tsprint-datafile.dat	b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b2fbbb7a2d808da2714c3b1885200a5a_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2256-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-2-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-1-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-3-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-4-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-5-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-6-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-7-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-8-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-10-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2256-16-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads