Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 22/08/2024, 23:31
Behavioral task: behavioral1
Sample: b97e4f60fc8948d3bb0299413aa1a3de_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: b97e4f60fc8948d3bb0299413aa1a3de_JaffaCakes118.exe
Size: 77KB
MD5: b97e4f60fc8948d3bb0299413aa1a3de
SHA1: 1ed394f6ca3f8dbc58ea8ff79e0af167d2ea96d5
SHA256: 5b55dc27d3123b57ff7cf00c2ddaffb3f08e17e30c4390438b1399fd862ced69
SHA512: 63d86fca2afe1970b0197725b29e6edd7b9b6c101cd929607e158e7350e0b488b1dddadd7b4113357b2a76af2ebab4d9ae609d782e5703f832748dfdbbbbd7f1
SSDEEP: 1536:Wjl+2lHKITkBXkHbo/8kbrcJj6XWLaKK0Fs8DVRO+h+:O5HKITkBXkHbo/8kbgj6XWLaKNzDVph+
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/1716-0-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/files/0x0008000000016d5a-6.dat | upx
behavioral1/memory/1716-3665-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/memory/1716-3666-0x0000000000400000-0x000000000040F000-memory.dmp | upx
behavioral1/memory/1716-3670-0x0000000000400000-0x000000000040F000-memory.dmp | upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1008KB
MD5: 2f711bdc37ad6e49e18e945e6b38244f
SHA1: 3201f921448dd29b1befecfff4d67058af7a7faa
SHA256: 935a77ab31d256ac58c5b9ec6fe353f4153f6eb8d4658dd75d7a6a035f7d8bf7
SHA512: 63dab500ae3943eb72f9f55d16610ab5e42509fea636f1d7dd1597b103eb57235b2b076a701c3aeaa96b53d2fbd5c22a4f6b2e8dcfda4667f03cb99f0ebcc6f7