cc3e49965d15080ac5153392c6b72bdda6510213df5f0e566a2fc9a69685728f

Analysis

max time kernel
148s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
Size

161KB
MD5

744f92d1e3911425d49eddf931a9e09e
SHA1

1db577922235df7707e634befe5ee8e33b762c41
SHA256

cc3e49965d15080ac5153392c6b72bdda6510213df5f0e566a2fc9a69685728f
SHA512

fb77a7443a4341c539f1df95edfbdc9faf45f7815f1001e63fe870c829e67de78bb3657333755e56bbfd8dd52b6828fb721b92ccb738036fe591a4f3d013b38d
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoePa5na6/:aM7jJlRexYTHYZMPa5nas

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot anal sex for the first time ever.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur swinger babe sucking on a couple of cocks.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\slutty cum babes sharing a dick.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\trio having hardcore fucking fun.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two sexy blondes share a cock.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\beautiful blonde gettin an anal fucking.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\genuine indian slut posing.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sister and brother gettin' freaky .mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\strange asian ass odyssey.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\744f92d1e3911425d49eddf931a9e09e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Digimon.exe

Filesize
95KB

MD5
7f4f4de9a4f15ccca17309a92ddeaa8d

SHA1
b2d7830ca9d57c2f78faaa39975c0095d4d73bbb

SHA256
191fac6c6d14debd030f8481da6dc71cc16696a2d0fc9261e927b52ec37e34b0

SHA512
f5ea526d9b87516ebaf68f6729ac79fe3681ed3478505392c38adb4879522aa169890e99a91c604473c73a1284a1af903775f4995850a950344df1b564430097

Download Submit
memory/3580-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads