Analysis
max time kernel: 144s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 04/04/2024, 17:33
Behavioral task: behavioral1
Sample: be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Resource: win10v2004-20231215-en
General
Target: be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Size: 83KB
MD5: be737db94c439bfc4d0a515623b6dec4
SHA1: 2583359b3b1bb6adf7e56d3cac1cb16882f1e43e
SHA256: 770fee20d3c1a372352fc4146a3e733729f0a8ad1f6431fc8293254fca927433
SHA512: 5ca6c55c55bdc5591ee86022ffd538ee485826005e80bc7922001fb2d97fac5c40476e344c3e995533c9c66cf9453880f6b3b51bdf8e65b295199dee5a30144f
SSDEEP: 1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4mkZ5aBWcYRTszWFN+Edug3w:y4X6NSyfnpijeYEoIcq45Z5aBnYVswUn
Malware Config
Signatures
resource / yara_rule
behavioral2/memory/1696-0-0x0000000000400000-0x0000000000464000-memory.dmp / upx
behavioral2/files/0x00060000000231f0-6.dat / upx
behavioral2/memory/1696-28-0x0000000000400000-0x0000000000464000-memory.dmp / upx
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
Process: be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
Drops file in System32 directory 27 IoCs
Downloads
Filesize: 71KB
MD5: 20f458c954e5da3e48de04f3851d3b3d
SHA1: bd0fe9b975427bb93f8fbcf403b6506c99f053ff
SHA256: 6957659a81333060c48b554f587c21a25367240d44f9860b5cf7ca499bfd964f
SHA512: a0a4fd11bdd776701517811e4dc3990747940c265e823d31cc2387c0821a0bb65dbae196ceb444b90a6be863d453bb81723394c49fe7fa635c657f89b475466d