b9f6149145d54bd6d163c704a2bfee4ddb7dc649a64e88736a252feeb3f84bb1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
Size

160KB
MD5

7be65bafc6b8d31ed1b890a66a204bfa
SHA1

925d1a24162adaf99710014d9a378f585a891158
SHA256

b9f6149145d54bd6d163c704a2bfee4ddb7dc649a64e88736a252feeb3f84bb1
SHA512

3947e4caf86dffb12e751dc9422f82c724acf9b0bcb3735d84b9e563765132103337e6f39dcd95c14ad5c787c8ac300ea2940d6547222dbb353d25ff90ebb11c
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeE2B2I4czVg:aM7jJlRexYTHYZMLBZvg

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\AOL.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ultra hot ass penetration.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy teen lesbians licking pussy.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde in jeans undressing and teasing her snatch.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\first time anal and she loves it.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\beautiful blonde gettin an anal fucking.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\slutty cum babes sharing a dick.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot butt sex ..unbeliveable.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wife in kitchen preparing hot pussy for hubby's dinner.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\happy babe who got 12 inches last night.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\bottle blonde tramp sucking a dick dry.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tight anal fucking like you want it.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gay stud giving head and fucking.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\pamela anderson nude.exe

Filesize
72KB

MD5
1b10b5d845e15093d5ae1eb109fb5b6a

SHA1
412104532a7d89c5b3ac9e6397001d931dac3706

SHA256
362307ed13cb65846ca4cab5ed3b7860c7f3fd4275e4b944966ef266e783a25c

SHA512
a390c3f59e9349573cff84a96e798121f6efdc50aaa80909d81a2e44ce4152404fedfc8eb2d92f5f2ed76e26e2e794ee7467c766576ac448e11ab41a9a681184

Download Submit
memory/3000-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads