Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 13-09-2024 09:21
Behavioral task: behavioral1
Sample: de2375cdac81186fe214399e3e59c1d1_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: de2375cdac81186fe214399e3e59c1d1_JaffaCakes118.exe
Size: 1.6MB
MD5: de2375cdac81186fe214399e3e59c1d1
SHA1: 96e2d246922f4754ec1e76e757f21ea4b288e667
SHA256: 0e7a4317ffe87e9a35d9c550558b23c794c19fe46810f2d5f8d4b35d5b9991a8
SHA512: 59a839124c686ec1b8c668bee470b5925258642cfc3e2e4dfbddf473006887e1734a22369e09a3d8184af35f4e647d47f28fd053fd7e2f42064394866b4b651d
SSDEEP: 24576:lpi6eMDSwaeH8wpZ1FGgmfOCa+uRgiNOnfD3RgUOscZXI:lpowaeH8+Z1pmfOj9o73RgUOF2
Malware Config
Signatures
resource    yara_rule
behavioral1/files/0x0008000000016398-6.dat    upx
behavioral1/memory/2080-0-0x0000000000400000-0x000000000040F000-memory.dmp    upx
behavioral1/memory/2080-3656-0x0000000000400000-0x000000000040F000-memory.dmp    upx
behavioral1/memory/2080-3657-0x0000000000400000-0x000000000040F000-memory.dmp    upx
behavioral1/memory/2080-3662-0x0000000000400000-0x000000000040F000-memory.dmp    upx
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Downloads
Filesize: 2.5MB
MD5: 87037e93cf63ba6c1a45a46196da6616
SHA1: a39b5ce3afb87fabbae923645daf09c5895ba219
SHA256: 87b6b3df210e258d633a70b1808f4c5d9429c7623e5091f88f98186478f88b9b
SHA512: c8c0db01a6b9e0a445baf779af5dbe85e2b4aee88711206cc60e95dde189c3960898a35b5150052bd654ee83f36c0eb601b1272166e2f239301c5cc75f44d3ee