Analysis
max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
06-10-2024 12:51
Behavioral task
behavioral1
Sample
1827ee595352acf91a2d7cb6f0a1447f_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
1827ee595352acf91a2d7cb6f0a1447f_JaffaCakes118.exe
-
Size
197KB
-
MD5
1827ee595352acf91a2d7cb6f0a1447f
-
SHA1
da0fffca7d595b3a834ad980feb3e5b28728f335
-
SHA256
b221e2d67b637e1de5bc3b661b392edee231dcfdf33751bcfb804047f1ff8b84
-
SHA512
24117f0d57a69d8b04999a816fcb09a948886a62d7a87d2234f153b540ab2fe7ef3ea40baccf3221db46c12c36fbfb46f2dfcab4bac1d7666dc0b69f89815e80
-
SSDEEP
3072:O5sPGQe5sX6dehxxjq0Fp2XAdff3+Jg/P44xpflta2c935aJzS+6CYo/n:PGtsDPOXAdff3CgzuAN6C7f
Malware Config
Signatures
-
Drops file in System32 directory 64 IoCs
-
resource yara_rule
behavioral1/memory/2536-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/files/0x000d000000012266-6.dat upx
behavioral1/memory/2536-3657-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/2536-3656-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/2536-3662-0x0000000000400000-0x000000000040F000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.1MB
MD5
993df6eeb04393bfbcb6f1570963fb9b
SHA1
4e6101a85a7fe9f0b34e9d596bb8eb4ba9f7f3d9
SHA256
2c76caa33221cec974e54fb84d2ef24fd6e7bb9d825effb5166501602b4f0732
SHA512
aade03f6f8795bdca3694e7a9037c6e08998270917d5a33bb7abd49add46db9deaf2c22514e94745d026a5e8484e8cb06ba52802cb3add944a77dbf5563e3a1d