b7343e6e03bd3ee539d9102a31a3cff6d5835b9c416b7c857c4eef81b2be75a6

General

Target

6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
Size

167KB
MD5

6585f7a523e6a7e7df661507f7996a5a
SHA1

f2a4f16c449d856517fc3459c6f6105c637c46ee
SHA256

b7343e6e03bd3ee539d9102a31a3cff6d5835b9c416b7c857c4eef81b2be75a6
SHA512

bd9ef396638e6eb5842c43788bf9f4e4db4c44595f02465fefce38ed52876a91e13fea59d3027c00256c3d7562d6305b8c250b30252ab185ddfb80fa339c0b93
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeLlHz4+fxVhV:aM7jJlRexYTHYZMtzHfxfV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

Processes:

6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\drunk babes sharing a dick.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\brutal preteen porn xxx.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny ass licking lesbians.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking wet pussy holes.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\password stealer.exe

Filesize
90KB

MD5
b92bb182b985dcd986387592c8d7c0ed

SHA1
99a7b88e6dfde9e94eb94512a56de7df3e389700

SHA256
0702277bfa9dd3c52ed1d0008b5d060cf02adfce17e648eb126cb12b6c92b40b

SHA512
059879deb9f20dee3fd8deb59b17104f2a487901f1ee017d3e304539b181e3c94f8053c9e58b702d815a7db63bbaab62c51ddaf2a2390d324a00b015d2e3a5b2

Download Submit
memory/1948-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads