0db90c83b91f2545aa3f8853ee1763ae6441d498d4782c8994875896ac8f2a49

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
Size

165KB
MD5

0a95e50bab205a16fa319433aacbc6b4
SHA1

cab0aa2c7216158358dfbff44756e36364727c7d
SHA256

0db90c83b91f2545aa3f8853ee1763ae6441d498d4782c8994875896ac8f2a49
SHA512

dec91bef647f9d8a9900bb01b69ba8c7a16a532083db049e78fe3e353e5f60da1757b66f6b5f81fb33bc41fbf8637bd2097958f1e9736c7d817c9594eb1ca317
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moe0oNW3ygNo:aM7jJlRexYTHYZM0yJ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winxcfg.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy brunette showing her bod outside the house.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty slut stripping in bed.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty naked hentai hoes teasing.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pornstar aria giovanni .mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes with oversized hooters spreading.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian girls stuffed mouth shots.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pretty babe sucking cock on bed.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tiny teen showing her small titties.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\anal fisting ass fucking and double penn.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\lezbos in pantyhose swapping tongues.mpg.pif	0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0a95e50bab205a16fa319433aacbc6b4_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe

Filesize
78KB

MD5
81617b8521c69d253277572817dc9bc0

SHA1
96ebfa2adbf09624722a2b1021a09304589964ac

SHA256
e6f1db24787a43c072455bd7da8535c44d88f7cb3bf7dca792677df9dcfe2e9e

SHA512
61998c48fb64cd15b431867105f150e8bc89e8d50b0d850a68a441ad5a10c5103ba08de15aa0fb18e14c949f7d13812e62bfe96ad04b4f59c9677f83f89750e2

Download Submit
memory/1876-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads