e95597e068a90a0d08083dafecfd52ed24f3f843614a84559e01a862438abe25

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
Size

56KB
MD5

44e04dbefaeb27f5c64c0c8083b4e9f7
SHA1

b6b1dc33988c4122bea24da038d89a65776c235c
SHA256

e95597e068a90a0d08083dafecfd52ed24f3f843614a84559e01a862438abe25
SHA512

45d626b9e7d31006061b522391f1bb7ce65653182adb006e81ab7f20b05bb4f4f52f108bad06fb113374232e0718ea30b92f6b2ad781d96d8d26ef72b9b5f1f6
SSDEEP

768:Wk1/qtE6d7bO0pH/7l1g7ZYmrH3qQJwZNUpf3r8i0E4/d+QfRJX:W4/qtEsppgJOSpN0E4/EA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
1968	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\bernie.map	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bernie.map	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\bernie.tmp	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bernie.tmp	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bernie.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\bernie.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44e04dbefaeb27f5c64c0c8083b4e9f7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
145KB

MD5
9d10f99a6712e28f8acd5641e3a7ea6b

SHA1
835e982347db919a681ba12f3891f62152e50f0d

SHA256
70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc

SHA512
2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5

Download Submit
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe

Filesize
1.0MB

MD5
4d92f518527353c0db88a70fddcfd390

SHA1
c4baffc19e7d1f0e0ebf73bab86a491c1d152f98

SHA256
97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c

SHA512
05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452

Download Submit
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
818KB

MD5
a41e524f8d45f0074fd07805ff0c9b12

SHA1
948deacf95a60c3fdf17e0e4db1931a6f3fc5d38

SHA256
082329648337e5ba7377fed9d8a178809f37eecb8d795b93cca4ec07d8640ff7

SHA512
91bf4be7e82536a85a840dbc9f3ce7b7927d1cedf6391aac93989abae210620433e685b86a12d133a72369a4f8a665c46ac7fc9e8a806e2872d8b1514cbb305f

Download Submit
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe

Filesize
507KB

MD5
c87e561258f2f8650cef999bf643a731

SHA1
2c64b901284908e8ed59cf9c912f17d45b05e0af

SHA256
a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b

SHA512
dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c

Download Submit
\Program Files\7-Zip\7z.exe

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
\Program Files\7-Zip\7zFM.exe

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
\Program Files\7-Zip\7zG.exe

Filesize
684KB

MD5
50f289df0c19484e970849aac4e6f977

SHA1
3dc77c8830836ab844975eb002149b66da2e10be

SHA256
b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

SHA512
877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

Download Submit
\Program Files\7-Zip\Uninstall.exe

Filesize
14KB

MD5
ad782ffac62e14e2269bf1379bccbaae

SHA1
9539773b550e902a35764574a2be2d05bc0d8afc

SHA256
1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

SHA512
a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

Download Submit
\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

Filesize
118KB

MD5
f45a7db6aec433fd579774dfdb3eaa89

SHA1
2f8773cc2b720143776a0909d19b98c4954b39cc

SHA256
2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a

SHA512
03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

Download Submit
\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

Filesize
97KB

MD5
2abe4614a5d80878832fc7e91c8a3146

SHA1
3808489961c56e3cf49f8791c152c7db1085107a

SHA256
259be6f52760b376a5b8b53211e5405fbf4bf2339b63d341df2dd9d7a7bcf041

SHA512
f461297fde475649eb6becf576a932b6eb65f102c3674cfbcd5d4c8027d23e38c46dc8abef0d53d0b6441f5630930d34ffb5706bdaf0c19ee6c4f2cb2e59edc5

Download Submit
\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.3MB

MD5
2161730a7ae00a1fb8c5020a43be949f

SHA1
8db6b820472cdfa266c874e0d3a9395412995aa1

SHA256
07e7896b2304e3b9966294a02d2ed32f41994ee7bd0a284e4160743edaeb9e15

SHA512
aa3659b6184f4273b7fcf1f7d2cd0a5a9129b8856d15e4ca8904b709e85cd432538ce0510ca9777760a1a9d5391671232a79908860e7d665260a54910f6fea5a

Download Submit
memory/1968-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-31-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-35-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-42-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-20-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-47-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-48-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-52-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-56-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-57-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-58-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1968-26-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads