Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 21/08/2024, 16:02
Behavioral task: behavioral1
Sample: b41be2ad467aee515e9223457d616b4b_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: b41be2ad467aee515e9223457d616b4b_JaffaCakes118.exe
Size: 85KB
MD5: b41be2ad467aee515e9223457d616b4b
SHA1: ad2d4bf5e5f574de1aa8725e0bfb275b48228860
SHA256: 9847f8a5dcffe85ca88be47872d1235da56e0989d66a7f8d9141cc61783f9816
SHA512: 7630f75c359965ed662deea72a0d8d1788635002f88508cd4380414c990f57e0f79ce9b39125f28cc6c3ac6ca0032837c5d2bdf1e88b938582fff0c914c5833b
SSDEEP: 1536:Wjl+2lHKITkBXkHbo/8kbrcJj6XWLuFm6yECw0qjW9SRnkgFflnLX:O5HKITkBXkHbo/8kbgj6XWLuFTyDeSSd
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/1488-0-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/files/0x00090000000120fb-6.dat | upx
behavioral1/memory/1488-3656-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/memory/1488-3657-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/memory/1488-3662-0x0000000000400000-0x000000000040F000-memory.dmp | upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Downloads
Filesize: 1016KB
MD5: 587a59979efeba49b8d806e812fb3971
SHA1: 7de59e033b5ebd0faa65eac55541dccbc82bfcd7
SHA256: e382a7913ed32ba7b2e51ea2d00ad1712a0717511be7f7d474a3dd120fc785c1
SHA512: bcc892eb359632f4159e342569875e6fe400c38a25921924a38f21b7130a370e7bc57656c585253ab83db7c82e02c696eb631f9ce6f0230cf65a5bc53c1e399f