Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 27/10/2024, 22:32
Static task: static1
Behavioral task: behavioral1
  Sample: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Size: 614KB
MD5: 7646a52f439e5f5a9bed9eb26b0f27c2
SHA1: 14dc02d98f2bc3cfc10f60c810b00a4c35c4eeab
SHA256: 90a2b693c05d9aecaa42e3e75ef8028bcc8dd7c55e476fbf8dbdfbe4b3b07030
SHA512: 13d8777acfcff520a07f1af6c74b40e2b49e87e49884e765218cfea9063d0d9e8b39854ac6c0f70475164b21dc381b456ae269c4a7194e50b09dd1a4a09ba12f
SSDEEP: 6144:hr0SYomWS//JmcZiWE58TR45SYomWS//JmcZiWE58TR4:nYomWS//JmcE2YomWS//JmcE
Malware Config
Signatures
Renames multiple (1110) files with added filename extension
Renaming on this scale, together with the note drops listed below, is the behaviour of a ransomware encryptor working through the file system. The report records the count but not the extension that is appended, so the extension cannot be used as an indicator from this page alone.
Drops file in Drivers directory (7 IoCs)
(Process column for every row: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe)
description | ioc
File created | C:\Windows\SysWOW64\drivers\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\drivers\it-IT\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\drivers\de-DE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\drivers\en-US\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\drivers\es-ES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
The note name as printed is the code page 1252 (en-US) reading of Windows-1251 bytes: decoded as Windows-1251 it is РАСШИФРОВАТЬ ФАЙЛЫ.txt ("DECRYPT FILES.txt"). If the sample writes the name through the ANSI file APIs, as this rendering suggests, the on-disk spelling depends on the victim's ANSI code page, so hunt for both forms.
Drops startup file (1 IoC)
(Process: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe)
description | ioc
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
A .txt in the per-user Startup folder is opened with its associated handler at every logon, so the note reappears after a reboot; this is persistence of the ransom message, not of the sample itself.
Reads user/profile data of web browsers (3 TTPs)
Generic behavioural signature: infostealers often target stored browser data, which can include saved credentials. No individual IoCs are listed for it in this report, and an encryptor walking user profiles reads the same browser files, so treat it as a weak indicator on this sample.
Drops file in System32 directory (64 IoCs)
(Process column for every row: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe. 64 is the per-signature display limit of the report, so this is a sample of the rows, not the full set.)
description | ioc
File created | C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\prnlx00c.inf_amd64_neutral_79ebe29715d2fa47\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_neutral_47406488f9e8d5b8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\it-IT\Licenses\_Default\ProfessionalN\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\XPSViewer\it-IT\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_neutral_12aaf5742a9969da\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpj4680t.xml
File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\Microsoft.PowerShell.ConsoleHost.dll-Help.xml
File created | C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\it-IT\Licenses\eval\Starter\license.rtf
File created | C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_neutral_5766736c47b90fff\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\wialx004.inf_amd64_neutral_0a3a62ae6ed43127\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremium\license.rtf
File opened for modification | C:\Windows\SysWOW64\es-ES\lpeula.rtf
File created | C:\Windows\SysWOW64\ja-JP\Licenses\OEM\UltimateE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremium\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\de-DE\lpeula.rtf
File created | C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_neutral_1c5bc8e71eb90127\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\es-ES\Licenses\OEM\HomeBasicE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomeBasicE\license.rtf
File created | C:\Windows\System32\DriverStore\FileRepository\prnep00f.inf_amd64_neutral_a5f6001b957bd7e0\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\prnne30a.inf_amd64_ja-jp_b2245ba886355a9f\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_neutral_be11b7aaa746e92d\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\oobe\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_neutral_30b367f92ca46598\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\it-IT\Licenses\eval\Professional\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\ja-JP\Licenses\eval\Enterprise\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\wiabr005.inf_amd64_neutral_e14a0514f37611d8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\license.rtf
File opened for modification | C:\Windows\SysWOW64\it-IT\lpeula.rtf
File created | C:\Windows\SysWOW64\migration\en-US\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\Microsoft.PowerShell.Commands.Utility.dll-Help.xml
File created | C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_neutral_413d17c790177eef\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterE\license.rtf
File created | C:\Windows\SysWOW64\IME\imekr8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\prnky002.inf_amd64_neutral_525d9740c77e325f\Amd64\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc8100t.xml
File opened for modification | C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterN\license.rtf
File opened for modification | C:\Windows\SysWOW64\it-IT\Licenses\_Default\EnterpriseN\license.rtf
File opened for modification | C:\Windows\System32\DriverStore\FileRepository\prnky307.inf_amd64_ja-jp_e40bd14f18e8ff7d\Amd64\KYW7QUR6.XML
File created | C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_neutral_7617862a9cc286da\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_neutral_45152a8a9362fb82\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\netxfx64.inf_amd64_neutral_3336ecb2950fdc45\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\com\ja-JP\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\license.rtf
File created | C:\Windows\System32\DriverStore\FileRepository\prnle003.inf_amd64_neutral_c61883abf66ddb39\Amd64\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateN\license.rtf
File created | C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\System32\DriverStore\FileRepository\prnkm005.inf_amd64_neutral_c03c9e328608873e\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\SysWOW64\ja-JP\Licenses\OEM\HomePremiumE\license.rtf
Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
(Process: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe)
description | ioc
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jmobddgjjlobbdgg.bmp"
The bitmap is dropped in the user's Temp directory under an arbitrary-looking name, and the value lives under the user's own SID hive (HKU\<SID>), so it only affects the profile the sample ran in. Both the Wallpaper value and a recently written .bmp in %TEMP% are cheap host-side checks.
Drops file in Program Files directory (64 IoCs)
(Process column for every row: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe. 64 is the per-signature display limit of the report, so this is a sample of the rows, not the full set.)
description | ioc
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145895.JPG
File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml
File created | C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\lua\intf\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Adjacency.xml
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0315447.JPG
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\Management.cer
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg
File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Microsoft Games\Chess\es-ES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Windows NT\TableTextService\it-IT\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Windows Media Player\Skins\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml
File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML
File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145168.JPG
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL010.XML
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml
File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml
File created | C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Austin.xml
File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Google\Chrome\Application\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml
File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\plugins\keystore\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Windows Mail\it-IT\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\FLYER.XML
File created | C:\Program Files (x86)\Common Files\System\msadc\de-DE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24Images.jpg
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML
File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml
Drops file in Windows directory (64 IoCs)
(Process column for every row: 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe. 64 is the per-signature display limit of the report, so this is a sample of the rows, not the full set. The ".." inside winsxs component names is Windows's own shortening of long component names, not an elision in the report.)
description | ioc
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7601.17514_de-de_e662f6f8b87f49c0\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-windowsfirewall-adm_31bf3856ad364e35_6.1.7600.16385_none_e6508032a8d2c091\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\winsxs\amd64_prnhp003.inf_31bf3856ad364e35_6.1.7600.16385_none_2fd781a76c9dcc13\Amd64\hpl7400t.xml
File created | C:\Windows\winsxs\x86_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_154a2a1e5da92fd8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8#\7600f870ebcc661f412ab16465a64647\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\PLA\Reports\it-IT\Report.System.Performance.xml
File created | C:\Windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_a4edd7cbf6df1658\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-p..trols-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1bd0fedc558adab0\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\wow64_microsoft-windows-mlang_31bf3856ad364e35_6.1.7600.16385_none_bd28e772321016e1\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-scrnsave.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d598d3cd12fb8c9e\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-alg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_df6e5718e33fb3ee\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-w..installer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc6e4eb2f75bef81\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-powercpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_89feb5e516623aa7\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_msdv.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_54597187aba44419\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_714c27547a5743d8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-x..ollmentui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6782f91fb8e619ab\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_it_b03f5f7f11d50a3a\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_multiprt.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_321f07583d5d02b1\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\Microsoft.NET\Framework64\v3.5\1031\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-dskquoui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d877930ae4f915da\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-28599_31bf3856ad364e35_6.1.7600.16385_none_551e35354591cbf8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-s..up-prompt.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e6bfaf39ccd1f2e7\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-t..sframework-inputdll_31bf3856ad364e35_6.1.7600.16385_none_b88be45adf067b29\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.7601.17514_none_bac5319939f7951a\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-metabase.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7ba1225e43947422\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-autofmt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_87dfc08290500927\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1543c3c503d80bbc\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\Speech\Engines\SR\es-ES\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-e..nmove-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff4e4eb0a98b94e1\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d411ac56d039353c\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0a02574e799f5bf\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_prnep004.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_70dc8bec5fab3095\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_devicepairingproxy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dccc313b2f493e49\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-a..xtensions.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bec88761433f76d6\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_05418eada7acee76\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-fax-service.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d963b11c024eb424\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_811b377c89d18189\license.rtf
File created | C:\Windows\winsxs\amd64_prnrc004.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b1922a3d439d9ff8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_ja-jp_91dad42d6dd1ea26\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_mdmlasno.inf_31bf3856ad364e35_6.1.7600.16385_none_dea8b5e2e5831811\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_76c538b8c1054321\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d0d72f2fd04aa217\Report.System.NetTrace.xml
File created | C:\Windows\winsxs\amd64_microsoft-windows-sud_31bf3856ad364e35_6.1.7601.17514_none_05cbfa317289b4af\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ipsrom.xml
File created | C:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File opened for modification | C:\Windows\winsxs\amd64_prnkm003.inf_31bf3856ad364e35_6.1.7600.16385_none_50766fcc42797a9b\Amd64\kom4650X.xml
File created | C:\Windows\winsxs\x86_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ba2335c8bba30fbf\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-where.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b00593198fcde668\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_591723b1077e8ad5\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_47f32bdf2bab3be3\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_102a16b698e56faf\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a72ced2c5e567955\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a40ab2ab37f0dc92\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.1.7600.16385_es-es_55c9a92765e4c2e2\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.1.7600.16385_none_7b3ca813cfe4f480\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-s..edstorage.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_71755af76007c973\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_prnnr004.inf_31bf3856ad364e35_6.1.7600.16385_none_ba2d2131f8a32d84\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f13915ba69521161\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-help-print.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6a78ab990b8a97c9\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_prngt003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4e7c585ff6bf2b39\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-scheduleui_31bf3856ad364e35_6.1.7600.16385_none_d0b7a7aa2b6c0a20\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\x86_microsoft-windows-u..-core-tsp.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9d068185288626a2\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
File created | C:\Windows\winsxs\amd64_microsoft-windows-s..p-ui-libs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ce5db44c767b79e3\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\DefaultIcon 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\shell 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\shell\open 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.5043 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.5043\ = "AUBYUGMEGMROSLL" 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\ = "CRYPTED!" 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0wi87Y962nNss4s.exe,0" 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\shell\open\command 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AUBYUGMEGMROSLL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0wi87Y962nNss4s.exe" 7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID: 2392
Network
MITRE ATT&CK Enterprise v15
Downloads