Analysis
max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted
04/04/2024, 17:33
Behavioral task
behavioral1
Sample
be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Resource
win10v2004-20231215-en
General
-
Target
be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
-
Size
83KB
-
MD5
be737db94c439bfc4d0a515623b6dec4
-
SHA1
2583359b3b1bb6adf7e56d3cac1cb16882f1e43e
-
SHA256
770fee20d3c1a372352fc4146a3e733729f0a8ad1f6431fc8293254fca927433
-
SHA512
5ca6c55c55bdc5591ee86022ffd538ee485826005e80bc7922001fb2d97fac5c40476e344c3e995533c9c66cf9453880f6b3b51bdf8e65b295199dee5a30144f
-
SSDEEP
1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4mkZ5aBWcYRTszWFN+Edug3w:y4X6NSyfnpijeYEoIcq45Z5aBnYVswUn
Malware Config
Signatures
-
resource yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x0000000000464000-memory.dmp upx
behavioral1/files/0x00070000000144e9-6.dat upx
behavioral1/memory/2192-28-0x0000000000400000-0x0000000000464000-memory.dmp upx
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
Process: be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Drops file in System32 directory 27 IoCs
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
79KB
MD5
26bde54f8c0e9d32e9f7d8872654f1d7
SHA1
73fd7c8135e030feccd5ce3e2aac6ae5be1e06dc
SHA256
65cf245fc453f0545027f9c8b94a45c72025fee4e3a2e83ac5b08fcac9952484
SHA512
d5ec7b1ef63c0bb38bae5d5e8e552d758728840fa4904a9947d4d79a004e8926fedc8530b92d05e13f613c95df47400a091743c78ebad80247a793d8f7f22442