Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
03-05-2024 07:22
Static task
static1
Behavioral task
behavioral1
Sample
0ff83ec2931644a8e48bfc73cdf7494f_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0ff83ec2931644a8e48bfc73cdf7494f_JaffaCakes118.exe
Resource
win10v2004-20240419-en
General
-
Target
0ff83ec2931644a8e48bfc73cdf7494f_JaffaCakes118.exe
-
Size
153KB
-
MD5
0ff83ec2931644a8e48bfc73cdf7494f
-
SHA1
c2d9d670c6131dd75a252b1e4c05ed06a0af4fcf
-
SHA256
5ca8160f4c833a400185c2787d70c249a3dcda1841c561c6bff4968f4d7d72fe
-
SHA512
093cb6c25e049359ed5fa1da91d34a06dbdba679b3697205cf2f856e722d4984492f01f43eecb4f154a639b3ffa311113ef9d9d06f6f7c0171ca816a743a8298
-
SSDEEP
3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoerrrvVg9B:aM7jJlRexYTHYZMrHVG
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description
Set value (str)
ioc
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
Process
0ff83ec2931644a8e48bfc73cdf7494f_JaffaCakes118.exe
-
Drops file in System32 directory 33 IoCs
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
69KB
MD5
f3d7acd34cd44f3a6ce8d3c0db8f8508
SHA1
27199e703afaf06de59f6e2cbfa20a0c8e7fd89c
SHA256
b4a289b0471bac4a5c7d05ba8eab6500eee7c79c02e71e87462c25cf0d028166
SHA512
70c44fb55cca493007282593eecdca208d27f7b1e5d961947b1224e12c751c0a476f842239b1bff6707a88e3a4e8f54c2be31fcf3a12cfde32fa6d49c19a1d19