8ded8d5d4f223e40ea5c192f42f6cf845b2cf713f6f5083ab0c3c4c179ab2af3

Analysis

max time kernel
32s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
Size

92KB
MD5

c202821e262eb88e5e32df90a00ee6d4
SHA1

18612a1623bb24d4e3bcaefd71677c9f52c2eff3
SHA256

8ded8d5d4f223e40ea5c192f42f6cf845b2cf713f6f5083ab0c3c4c179ab2af3
SHA512

81ac7d3dafc7bf4f185e891cb80f71158417e5edfd5f52937dc1d1dfa13e495383affefe3690f9391194c324828db15db789223e5b7240eead61ab5ca9d53dad
SSDEEP

1536:yOF3OLr5OpiVlwlGmEFMFn4eOTeY+TGx7WHlwlk:DO/Yi2EFMFn3O5+Tyin

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku-ckb.txt	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\en-US\wab32res.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\es.txt	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\af.txt	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c202821e262eb88e5e32df90a00ee6d4_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.6MB

MD5
a2613896a6067e7e0d35a00d769cb9d7

SHA1
b6a5f5aeba67601bb1e4915d2fff35be771c66d2

SHA256
664667cdccdff1d190248ec60a85609cd668dc5cb3d444e36a54025f2b1cd3ea

SHA512
8acd61908fb574d310355e97748f688b3375b2811238b66a92912b6c03a926ad77de1010b0e6cae74daaa870ce3afb4528b04bce5bd00fd10c05967cc5c96f25

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit