15e9b415f8e0ddb2668c717396fc3dba2048139c1c901207bb983a047a2d1613

Analysis

max time kernel
141s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 16:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
Size

2.2MB
MD5

275c518d9c64950ddb70a3549e3bc17d
SHA1

154bfe17cca3ca778b44c3601a946fa82c00b635
SHA256

15e9b415f8e0ddb2668c717396fc3dba2048139c1c901207bb983a047a2d1613
SHA512

0df0d832d14dd1202713d7a943ef625ef98ac9d19725a52d4d35020f69b45081e93a6c5af8c1e473be1ec1aa1437ef3345dae651db8c7e583e3593665352b7e4
SSDEEP

768:t7iEg1+NidXmlP2YAaenXQ3WMpbViFq4/4k:t7j752oenXTMpZcq4/4k

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\PSEmu.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Download.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\a pelo.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\humor.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\mugen (full).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual C.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\275c518d9c64950ddb70a3549e3bc17d_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe

Filesize
4.0MB

MD5
c8be1616d5627e0ad2f52a1b87fb9d41

SHA1
6b2035908a700661f2d8b87a0ea613b52bd560a6

SHA256
49468c866ab79ad036d0e98376a76e2e7975d9fcfaa94a87103861ceb8470b09

SHA512
31d49a664afe3cce77492ab199c86567419fcabb37b6c1cffb1ded3a5668ff2c55c6d72502b8010d3da47f49eeb4d9ea759a3db622ce23059998ed62530710b0

Download Submit
memory/4712-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4712-65-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads