Analysis Overview
SHA256
a0d716d2ede2ba35c0bd65911fa65e9430fe58dbaf48e1526ede5dc71a572234
Threat Level: Shows suspicious behavior
The file a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:32
Reported
2024-06-13 06:34
Platform
win7-20240221-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\winxcfg.exe | C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"
Network
Files
C:\Windows\SysWOW64\macromd\yahoo cracker.exe
| MD5 | 96aea81c8d467da65998e6fbf19f65df |
| SHA1 | 87cb01526a00ee235eab88370a07b93c0bc69310 |
| SHA256 | bca5404c1a849aa3c4959b9682e478affebb05e4944295f4e6257aed1bcf6c0f |
| SHA512 | 25e2db557b7664f522991272cd4c5ecd50a2339c5c45b87b235381f2312929a88ebdf40e5dd54c60cd602605fc8b56cbb85a3c4c245846d88f88ff6c8cb67688 |
memory/1652-33-0x0000000000400000-0x0000000000464000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:32
Reported
2024-06-13 06:34
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
54s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\winxcfg.exe | C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Windows\SysWOW64\macromd\Flash Golf.exe
| MD5 | e147180d8ca65f8f83d60a34a8595765 |
| SHA1 | 74a098db667a5f6379959ebad977d5bee72c010e |
| SHA256 | 099521c3aa0c8d1c1bbc2a9213b48f381edb630a2b36de3fa4eca74792db97c6 |
| SHA512 | dc9dba908f965fe57a81448a8bb2d0532b5cd8cdc316822a3c39864310f7811cd6198a35916a6a35e77d40cb7d79d4baf26d97c78600ac7408bc8c21ad88d348 |
memory/740-33-0x0000000000400000-0x0000000000464000-memory.dmp