b7343e6e03bd3ee539d9102a31a3cff6d5835b9c416b7c857c4eef81b2be75a6

General

Target

6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
Size

167KB
MD5

6585f7a523e6a7e7df661507f7996a5a
SHA1

f2a4f16c449d856517fc3459c6f6105c637c46ee
SHA256

b7343e6e03bd3ee539d9102a31a3cff6d5835b9c416b7c857c4eef81b2be75a6
SHA512

bd9ef396638e6eb5842c43788bf9f4e4db4c44595f02465fefce38ed52876a91e13fea59d3027c00256c3d7562d6305b8c250b30252ab185ddfb80fa339c0b93
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeLlHz4+fxVhV:aM7jJlRexYTHYZMtzHfxfV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

Processes:

6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian studys how to strip.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dirty sexy shemale posing nude.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illgal incest preteen porn cum.mpg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wife in kitchen preparing hot pussy for hubby's dinner.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe doing boyfriend and his buddy.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\slutty cum babes sharing a dick.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde sucking and fucks outdoor.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\her taking a dildo right in the ass.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\an asian bush getting a cum bath.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty slut stripping in bed.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty babe in lingerie.mpg.pif	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6585f7a523e6a7e7df661507f7996a5a_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\password stealer.exe

Filesize
89KB

MD5
dc8ae69bcf97b1beaa06bcbcb007202e

SHA1
93e3f15c70d5d3406b0a79e9b2aa792f44cf7153

SHA256
a1d18bfaa4d20c1962bd8a354bb2ec602bac5f891090b381c29ac112fd3d0c6b

SHA512
7eba18b6282ab7a19ce02d866e09aa0ec9f2a00955ad20a2e61266b545a924ec41a14afcf0aa0422466790f7f9c128334ebfbc0820f7ee67c2c13d3675ec1370

Download Submit
memory/4512-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads