84a957abc68d755a82dcc516cd83d6eb1e8a2436f7f24068598549af81fa9c56

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
Size

150KB
MD5

268ae14be23004ab06a008ba58f0c5f0
SHA1

c4d576e38703db1145c5b8c169d82eccff8f2365
SHA256

84a957abc68d755a82dcc516cd83d6eb1e8a2436f7f24068598549af81fa9c56
SHA512

c0d581707457e5aa1ff106f22e60b609217f13a5ea05d7fd1debaad26157d3ccf0735532a4a476d42d26af96319b5839e186a89b729778bc6b9e95cfdaae6047
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeUhfj5T:aM7jJlRexYTHYZMUhB

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\crazy old man playing young teen.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\showing some hot girls share cock.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\strange asian ass odyssey.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\senior blonde fucking and suckin like a teen.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\first time anal and she loves it.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny asian warming her finger in her gash.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA3 crack.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fun slut who let dude eat her off in jacuzzi.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot butt sex ..unbeliveable.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif	268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\268ae14be23004ab06a008ba58f0c5f0_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe

Filesize
70KB

MD5
fbc50d5f72fc63d168f008bc50765960

SHA1
c89d3a8b1cf265452bbbfa8c1bda0328b18d149d

SHA256
6cff03b92c24b108b9c1cb419bae4733c665cdf8e5cb3b6c751a1a50b6a0479b

SHA512
998cb15158798e18bbf61a97386c2e95493706d7591fd46430473c9f3d4276f6be4817a705edc6541413fb5e37d5bb84301200e61b1118555fa3a13f3da4f5f2

Download Submit
memory/2460-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads