6074e26993a7a28d4527ec78e6dbb2a97711025dc9ee3788057cbe4551f3c105

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
Size

149KB
MD5

176f3c4b011b48649d3a655df5b0210f
SHA1

cea38112f7148dbd1647acf3bb68da989fffb916
SHA256

6074e26993a7a28d4527ec78e6dbb2a97711025dc9ee3788057cbe4551f3c105
SHA512

28b488fe1b38e391dffd5a049d603b40549b165c413dcc452f8311a92e7e6ef7b767005c032c0263c75f0a331be1c10a8316b2240476491afff1ff07da40f0d5
SSDEEP

3072:ucaJvW8koHjmX+1+0cxxsWEsJ0ifXcIp08MoeTfBkXMAWXDRZdmNHPGt115:ucaJuqVxYT52MZMTpkXM9TRZdTt1f

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson naked.mpg.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\176f3c4b011b48649d3a655df5b0210f_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif

Filesize
72KB

MD5
12c0d96e4e9c3f5df4f62a1fc7fb3762

SHA1
92b27d77116b936870eaf01f579412f88a0723f1

SHA256
e67b4dc535fdf35ad9e84f0a787965ae247b94c939f9b3e219a55aff4e0157bf

SHA512
4e3c9ef3e2fa3c5f19277de42601122b3048039606d1b1b7575f43a384168b5c708b36a377d19144440818a60927cab1cbe208d20b06dda2e46bdeb9ec008f74

Download Submit
memory/4624-27-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads