9c84f68c97f01c4e7acb53884bee3b15656fbea92e7580374fac5b406c669a9f

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 19:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
Size

132KB
MD5

a1e212fe8b0dc52cb4dbd26533361eec
SHA1

528a2c5f4c0af3b28cab40d58c0ac5e3f47cf71b
SHA256

9c84f68c97f01c4e7acb53884bee3b15656fbea92e7580374fac5b406c669a9f
SHA512

876b79f3efc56421e397aaca8e3bcd78e9be6ade1967741980c3a4790ff51db988f58edf5dfcdeecdaaa18a233bea0c933fcaa340f6017fbb38b8c65fa308afb
SSDEEP

3072:ucaJvW8koHjmX+1+0cxxsWEsJ0ifXcIp08MoegAH9W:ucaJuqVxYT52MZMFH9W

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA3 crack.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a1e212fe8b0dc52cb4dbd26533361eec_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe

Filesize
61KB

MD5
3ab64056af2b6fcb4ca6124110978a95

SHA1
48910fd018faeb93976b6704c1c268b37b7bf0ec

SHA256
b33cef2aee3627ab6c1d6afcccc3c977c05345160653d60443161aafefdc21d1

SHA512
75a49c8ddb64ac6830f60b945bee864881f95524b947aa44c291c1bfea76d46dadef7017dfc3289d1d4135a89ccf748d42ce1fabb85aed3f247416a08f964908

Download Submit
memory/2620-27-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads