Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 28/09/2024, 01:27
Behavioral task: behavioral1
Sample: fb3f1fd8261c4654ed6019fbbd841cdf_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: fb3f1fd8261c4654ed6019fbbd841cdf_JaffaCakes118.exe
Size: 208KB
MD5: fb3f1fd8261c4654ed6019fbbd841cdf
SHA1: d866bd01bb62f88b0beb40c0a4e2f2ed97c39383
SHA256: d95ea8267527e7eef5f5619a586c1e8d73b2f4e467d77596dc626c29cb3f44b9
SHA512: 2674eb57d16c72d66a7cb372b9111692d954a195ea7d53030922f890ead77f3fcf9f41987636dff2c3963492aed7681fc3c4c8eebf7ac8013ef7c054ef3d4792
SSDEEP: 3072:O5HKITkBXkH7FomiSlBEtZTRA+UT0xj4Sle/qGTCAyNeX:NITkBXkHNetZG+4
Malware Config
Signatures
Drops file in System32 directory: 64 IoCs
resource yara_rule
behavioral1/memory/1732-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/files/0x000a000000012281-6.dat upx
behavioral1/memory/1732-3660-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/1732-3661-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/1732-3666-0x0000000000400000-0x000000000040F000-memory.dmp upx
Drops file in Program Files directory: 64 IoCs
Drops file in Windows directory: 64 IoCs
Downloads
Filesize: 1.1MB
MD5: a74f6da73ac7410b2c971947d87322bb
SHA1: bab94961f8225aeda58b8c0a0c334b4b0fba9db0
SHA256: d8ad26496fe0920c9ba08b839cc0271b83ba7e3b745299c08af222baab5375d9
SHA512: eb3dd82b8cc702b6cc8a7730ee6bbd0370d524516e19bf622abf4dea79be06c261d2a5548c0ed583f59673a098dbeaaa494058ab2b6c9b1ee47d142981e94fee