acddfe90ac67a19bc1796ed7aa893372491c358310267f372670d08205df3a65

Analysis

max time kernel
141s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
Size

150KB
MD5

0cec0cbcb884f2679e851b2f48a4bef5
SHA1

d2531cf240ccff78bb11a79576a9302daf287877
SHA256

acddfe90ac67a19bc1796ed7aa893372491c358310267f372670d08205df3a65
SHA512

6af6c67157b858e9bf3e9282619423875824f01538efd8c3994a60ff8eae0315f2f1b922e10ffd73be33531512692523295ebc520765faa2b99a13cf5e39b033
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeZvHkV/34JFN86:aM7jJlRexYTHYZMKVPyi6

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\first time anal and she loves it.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute young tart on a lucky dudes cum shooter.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\happy babe who got 12 inches last night.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur getting off in the mirror.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde with titts and cunt sending chills thru cock.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ebony girl with massive hooters.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\anastasia nude.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\luscious babe with serious ass and firm titts.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\3 teen blonde babes chin deep in pussy sauce.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\japanes girl getting it from behind.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\leggy babe posing in pink panties.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\schoolgirl deep sucking some cock.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\some hard sucking and fucking babes.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tenderonie who insist her pussy must always be free.mpg.pif	0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0cec0cbcb884f2679e851b2f48a4bef5_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\teen tied up and raped.exe

Filesize
97KB

MD5
f1bdde9f02b691f1b92878c5fab5611a

SHA1
bc45f8c00928e9c81c6e09a31d47329f2bec013c

SHA256
1bc9f9fed112f55d27c44f4c8c788eb6309f3e57c683ece9c26f48eb79d79a83

SHA512
669031d64788382f2961e8afd888152a76611a1d553ae9d4bc7dbef0dc227a51fbfe10ac59f3b55e87416509578482b746f3da21e7c4eb76e60ed04fc8f25c3c

Download Submit
memory/4776-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads