d0140c79ed8fc4cb7c1e12de170f6d34bdccd975c8daaeb524d54db915926209

Analysis

max time kernel
92s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
Size

82KB
MD5

d15107b36740f87a2c5df1ebd8427e3a
SHA1

037ea0366886e407ee48c3cbf40fcf272ee3aca4
SHA256

d0140c79ed8fc4cb7c1e12de170f6d34bdccd975c8daaeb524d54db915926209
SHA512

5eaf8540f7b2830503c21fa44f8416c1bf88969728d55c1b8c408e994df12fec5d744d95e37517060a83fe48e1d5a8484afb2e788a26cab060b1aefa8697e470
SSDEEP

768:yOF3ns7LUaaMOX/atmav1EFMFnOlWhj/Z:yOF3OLr5OHmEFMFnOlWhj/Z

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File created	\??\c:\Program Files\desktop.ini	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tg.txt	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jli.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\lcms.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jsdt.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jconsole.exe	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javaw.exe	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\SIGNUP\install.ins	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1616	2744	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d15107b36740f87a2c5df1ebd8427e3a_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 1020
  2⤵
  - Program crash
  PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2744 -ip 2744
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
8ede8a844eb10605c43998665b6dd397

SHA1
0300cf4f12f6637929a91e6c58679082a178335b

SHA256
a8ddda5a4d38529cb6f111e2bbcbd6684d981e7f2267e5a348d8505f633b9aff

SHA512
9c273397018fc293458839ac7206b30022b53cc2492b1b7cd5aadb69cc37a74479c2f20a663932d5deb6fabc362e09c0cd5d68ee4341184b7d1221a8993a48ff

Download Submit
C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit