2294c297219c821091e6dc1437da911188d6f51f17b5d1f847e7637d4653d9db

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 03:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
Size

141KB
MD5

3db53b39e45c041832dd95fd614b15c6
SHA1

1a0b0c71d2b77723fbe5f2091f10d62ea8500cf1
SHA256

2294c297219c821091e6dc1437da911188d6f51f17b5d1f847e7637d4653d9db
SHA512

8b9f1e10ac176d63f9c91c99af35b427ac24cd56a89bee2366743d049559917492967a3407a1d88b9142e718ddab2ab6249e23385b7ec9fb26a7bdab69c675d3
SSDEEP

3072:ucaJvW8koHjmX+1+0cxxsWEsJ0ifXcIp08MoeS6wEEImv:ucaJuqVxYT52MZM3Tmv

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old on beach.exe	3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3db53b39e45c041832dd95fd614b15c6_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe

Filesize
82KB

MD5
dbe159af7dce4e6e7c57630dc4c22cfb

SHA1
097d2c3dbaefa0698069bc0a2c2aa9c137732747

SHA256
eb443e9a7154f2689749a05ca1a16e8d87903a7a5b29e865fbee74793e11f333

SHA512
259fdb879aba2673178975e1f0c39ed38672df6e2033af85f84285b506176ed9c566472d078c5885e88ce3c6ab62421f80ee55c4f9bc7b3ff48c092d3ae5e2e2

Download Submit
memory/4296-27-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads