24bb6a555c87506ecc59ac5e109b5cf0647c6461961f46081f33fa77a554612d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 06:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
Size

142KB
MD5

332abbaca689de2013206fc97dfdaac0
SHA1

f398a7c63d97731350a050713b86d9241930779a
SHA256

24bb6a555c87506ecc59ac5e109b5cf0647c6461961f46081f33fa77a554612d
SHA512

dcac0e06e9662e011061c1d005f8048e3131895f5638ac6fa67d928a0a2c1a7ef0db18a04355587557f31fe4f04ab1e89872f101280590d6219a990891745b0d
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoerfSA:aM7jJlRexYTHYZMr6A

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\happy babe who got 12 inches last night.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\super sexy blonde showing her pink.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\drunk babes sharing a dick.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sister and brother gettin' freaky .mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old on beach.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy babe drinking hot jizz load.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\girls with cock in hand and mouths fill with cum .mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Cable Modem Uncapper.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde beauty ass fucked.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading extremely hot ass and furball.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\shanks who serve up smelly pootang.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\momma's juggs that make you scream for mercy.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pornstar aria giovanni .mpg.pif	332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\332abbaca689de2013206fc97dfdaac0_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\aimcracker.exe

Filesize
79KB

MD5
aae70d18bf1e0aafbcb65a0f8097372f

SHA1
4fc6f61fdc73bc749e1fe3c73cf97ee297138a83

SHA256
386e527831746640b0f698b82a1365300f47757770d41aeeb7591f809e9b0113

SHA512
be346eca13cb319a51aa64c83ab96b941765a8001a118820a5d33abf0fd2c374442c1df78b969eeb30049033f1810a7e19300db9ed739667e35a41dec9402d97

Download Submit
memory/3968-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads