28b7a290b88816232c5d77098d6ab168181dba7871dff11c6b99b5b0fe7e7baf

General

Target

6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
Size

167KB
MD5

6941e80b5184c035c4880b26ba1b4ca3
SHA1

92fd508dbd290871e0b9a028de13ff37c35d70a8
SHA256

28b7a290b88816232c5d77098d6ab168181dba7871dff11c6b99b5b0fe7e7baf
SHA512

0e4377bd543c28017970e4f82292b3cd60217866ef329c0f4e8ba860326b097e103cd065c971e8b3e013c6833c27b48110c4c1e463c5f3f10d5d8baa7b1665c5
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeDQQyqJvA:aM7jJlRexYTHYZMyqe

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

Processes:

6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honie with thick ass spreading her money maker.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\black girl gets dildo wet.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Nokia Unloker (most models).exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde doing dildo outdoors.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal preteen porn anal fisting.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\both holes fucked by a massive fucking machin.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy beautiful soon to be pornstar.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ebony spreading her pink wet pussy.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pigtail black babe with pretty boy.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\her taking a dildo right in the ass.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot butt sex ..unbeliveable.mpg.pif	6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6941e80b5184c035c4880b26ba1b4ca3_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\siemens unlocker.exe

Filesize
91KB

MD5
7a0a0d8195912f9c26bd0aaa91b3cce0

SHA1
05236595f737607de317919344fdd11c45d11482

SHA256
6ca9af0d8614800c21c02c66bddc8e65e7d18bb721d3fae83ae7141e0dfc8018

SHA512
bc6aa90fead75746cdc57ffb9d33a4d0e372f56fe0bb03356f9a7d21769567d0ea9dbbef77caf81e06e58f40456465de75d0f66b30daf84ee69496bea7234779

Download Submit
memory/2512-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads