c24383df0c8dc9bf362d4de88ecfc6b4ebaef391812a7c32cf699dd7c36011c9

Analysis

max time kernel
67s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
Size

158KB
MD5

0a6bb8f684c8ac8ebb862ee35fb62bd9
SHA1

6eddc8f841e49271323728f6ab2fed10cc2be8fa
SHA256

c24383df0c8dc9bf362d4de88ecfc6b4ebaef391812a7c32cf699dd7c36011c9
SHA512

3558f5f33875c4e178e7b7f2aa12586771ba6998781c2bba3718c349a1480acc67e1090d92cb616fe4104ee17121a6a8dbeba4e8edaa142d223830ed03ceb9cb
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moe/TZ2ENV1iS0e2gQb:aM7jJlRexYTHYZM/TMSURXgk

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Play Games Online For FREE.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde babe handfucking herself.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny housewife looking for some action.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot butt sex ..unbeliveable.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes with great lips that knows how suck cock.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\her taking a dildo right in the ass.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\black dude gettin it with two white hoes.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian slut with puffy exotic lips.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\shy teen draining the juice from 2 cocks.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0a6bb8f684c8ac8ebb862ee35fb62bd9_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe

Filesize
68KB

MD5
9b8b32d41345f38b595fc8fba66addb6

SHA1
4a7d08ff404dfcab69032a00cd4a190627de693f

SHA256
efcd357de601dd67b57efae3e5725e9ee17058ed2533e6e8db7dcd338e02770c

SHA512
cef2980efd26b5297d094ac12c55b8586f31c9d147e39fbfa4083df616e0499483cafc49c9fe9731e807095ccdadd728c5728ef239b2220274f764259ffca5b3

Download Submit
memory/4960-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads