9cb138fed16da0d232bdbdbfe3c5371bd8cfc0936b9b542ab5e91469a88636f8

General

Target

65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
Size

145KB
MD5

65807e9ed484ad3679db1be1f0b83bd0
SHA1

34625889ad69d2552b141606e5e97ba3649bafcf
SHA256

9cb138fed16da0d232bdbdbfe3c5371bd8cfc0936b9b542ab5e91469a88636f8
SHA512

92f8610e8d4c04aa43c20f3a55a159ff0e135e4f0d829a08642f09a063149c88c441786392c799df78566ecb4bfce7cf93ef392841bda99ca1725e2d7f139af4
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoevQfom:aM7jJlRexYTHYZMof

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

Processes:

65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\bad gal being tied and bound.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\naturaly tan babe with gorgous body.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ebony girl with massive hooters.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen taking off her panties outdoors.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe with peach shape pussy that needs it bitten.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty chick in hardcore fucking.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sylvia lauren showing her assets.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal preteen porn anal fisting.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes with an assortment of delicious big juggs.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65807e9ed484ad3679db1be1f0b83bd0_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe

Filesize
75KB

MD5
0fb24545c54325b4df57ae03f91f3976

SHA1
d8aec2f45116b54d5f9844b28160960bfba0794b

SHA256
e690db20e748b0d772d58cfe3c2cf55f3e3a3bfda5aaeced2f95a8b0213f124b

SHA512
94670899f586573a04432db568ee632d7a9b3163c20dd6b267da9ed2d4ff07bde813ba61715f3ad8a00ef37e12841584ed6203a0f8488b9148eaea7a704ee5c4

Download Submit
memory/3000-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads