cc3e49965d15080ac5153392c6b72bdda6510213df5f0e566a2fc9a69685728f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
Size

161KB
MD5

744f92d1e3911425d49eddf931a9e09e
SHA1

1db577922235df7707e634befe5ee8e33b762c41
SHA256

cc3e49965d15080ac5153392c6b72bdda6510213df5f0e566a2fc9a69685728f
SHA512

fb77a7443a4341c539f1df95edfbdc9faf45f7815f1001e63fe870c829e67de78bb3657333755e56bbfd8dd52b6828fb721b92ccb738036fe591a4f3d013b38d
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoePa5na6/:aM7jJlRexYTHYZMPa5nas

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen taking off her panties outdoors.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\genuine indian slut posing.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nymph enjoys fisting all the way to the elbow.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\12 year old forced rape cum.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\krystal steal getting her bald clam filled.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy amatures sucking whole bag.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny asian warming her finger in her gash.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\older blonde showing she has the goods.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde doing dildo outdoors.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting facials and riding cocks.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\divx pro.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA3 crack.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe

Filesize
73KB

MD5
3ea035af7b6e99a6def6dcdc5b2a538d

SHA1
220555bde135685e3e0c3316c2cc1c039e8103e9

SHA256
c0e150671363cd52a6e0991ed123402f98cd92358a3acb3a52bf1a31b3d278c8

SHA512
472416c4c445bf5848323ba70f35eafa1b5487d76125e8fb4393927fa2e65e0fe73f67b1f6b6382930ae536b47eb8a60f123092017326647b6c240f5339dd5b5

Download Submit
memory/780-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads