b9f6149145d54bd6d163c704a2bfee4ddb7dc649a64e88736a252feeb3f84bb1

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
Size

160KB
MD5

7be65bafc6b8d31ed1b890a66a204bfa
SHA1

925d1a24162adaf99710014d9a378f585a891158
SHA256

b9f6149145d54bd6d163c704a2bfee4ddb7dc649a64e88736a252feeb3f84bb1
SHA512

3947e4caf86dffb12e751dc9422f82c724acf9b0bcb3735d84b9e563765132103337e6f39dcd95c14ad5c787c8ac300ea2940d6547222dbb353d25ff90ebb11c
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeE2B2I4czVg:aM7jJlRexYTHYZMLBZvg

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot slut with a big dildo.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy star kate hudson nude.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty brunette getting hard jolting.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\spread blonde with woolly pussy.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sweet teen lesbians licking snatch.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN Flooder.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\shy teen draining the juice from 2 cocks.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\bottle blonde tramp sucking a dick dry.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\an ebony shemale showing her hose.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\japanes girl getting it from behind.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nice facial cumshot for slut.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal preteen porn anal fisting.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes with an assortment of delicious big juggs.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honie displaying raw pink ass.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7be65bafc6b8d31ed1b890a66a204bfa_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe

Filesize
95KB

MD5
2780dc32633d1227c09ce6f3e9b8a17f

SHA1
11098c67d2fe9f2ef7700a5c46f90271bfa208ad

SHA256
b45b3aab22540ee6a5833598126f85eb8ca42df6a5099c7d0300644ee67e58c4

SHA512
d8fe59d5df700f01dbf62fbe67aa70a672717a01480f973be7b60445e28501a0fe5ab35f89efc65c20b94da11675c551f9ee6dbd502c65e8526019959efbb3fe

Download Submit
memory/4788-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads