Malware Analysis Report

2025-01-18 01:03

Sample ID 240613-hak1sa1gpn
Target a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118
SHA256 a0d716d2ede2ba35c0bd65911fa65e9430fe58dbaf48e1526ede5dc71a572234
Tags
persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

a0d716d2ede2ba35c0bd65911fa65e9430fe58dbaf48e1526ede5dc71a572234

Threat Level: Shows suspicious behavior (score 6/10)

The file a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118 was classified as showing suspicious behavior: on both the Windows 7 and Windows 10 runs it sets an HKLM Run value for winxcfg.exe and drops winxcfg.exe plus a set of lure-named executables (.exe and .mpg.pif) under C:\Windows\SysWOW64\macromd. No network activity was observed beyond a single DNS PTR query on the Windows 10 run.

Malicious Activity Summary

persistence

Adds Run key to start application

Drops file in System32 directory

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:32

Reported

2024-06-13 06:34

Platform

win7-20240221-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\AOL.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\AIM Flooder.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winxcfg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\yahoo cracker.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\black dude gettin it with two white hoes.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\cute girl giving head.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Website Hacker.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\AIM Account Stealer.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hot babe showing her pussy and wanting a stiff cock.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\MSN Flooder.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"

Network

N/A

Files

C:\Windows\SysWOW64\macromd\yahoo cracker.exe

MD5 96aea81c8d467da65998e6fbf19f65df
SHA1 87cb01526a00ee235eab88370a07b93c0bc69310
SHA256 bca5404c1a849aa3c4959b9682e478affebb05e4944295f4e6257aed1bcf6c0f
SHA512 25e2db557b7664f522991272cd4c5ecd50a2339c5c45b87b235381f2312929a88ebdf40e5dd54c60cd602605fc8b56cbb85a3c4c245846d88f88ff6c8cb67688

memory/1652-33-0x0000000000400000-0x0000000000464000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:32

Reported

2024-06-13 06:34

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\macromd\Flash Golf.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\wife in kitchen preparing hot pussy for hubby's dinner.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\older blonde showing she has the goods.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\divx pro.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\violent preteen gang bang illegal.mpg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hot tomoli lathering up sexy body for boyfriend's tongue.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\two sexy blondes share a cock.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\kinky banana in pussy.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\nude.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\shy teen draining the juice from 2 cocks.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\chunky broad with a hairy well used ass.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winxcfg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\pamela anderson nude.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\beautiful blonde gettin an anal fucking.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\plump brunette using her finger.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe N/A
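The signature tables for behavioral1 and behavioral2 above are flattened into one row per indicator, which makes them awkward to turn into hunt artefacts by hand. The following Python helper is an added example, not part of the sandbox report or its tooling: it parses rows in that layout, tags each dropped file with the lure patterns this sample uses (media-style names with a .pif/.exe extension, "Hacker"/"Crack"/"Flooder" tool names, placement under a system directory) and checks the Run-key entry against the dropped files. The sample rows are constructed from the tables above; the offensive lure names from the report are replaced by neutral names of the same shape, and the process path is the sample's own. One point the check makes explicit: the Run value literally names C:\Windows\system32\winxcfg.exe, but the file was created under SysWOW64 and the key under Wow6432Node, which is what a 32-bit process sees through file-system and registry redirection. Windows processes both the native and the Wow6432Node Run keys at logon, so the persistence is effective despite the apparent mismatch.

```python
"""Triage helper: parse flattened sandbox signature rows into IOCs.

Added example, not part of the sandbox report. The rows below are
constructed from the behavioral1/behavioral2 tables; explicit lure file
names from the report are replaced by neutral names of the same shape.
"""
import re
from collections import Counter

SAMPLE_PROCESS = r"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"

# Constructed rows in the report's "Description Indicator Process Target" layout.
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe '
    r'= "C:\\Windows\\system32\\winxcfg.exe" ' + SAMPLE_PROCESS + " N/A",
    r"File created C:\Windows\SysWOW64\winxcfg.exe " + SAMPLE_PROCESS + " N/A",
    r"File created C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe " + SAMPLE_PROCESS + " N/A",
    r"File created C:\Windows\SysWOW64\macromd\Flash Golf.exe " + SAMPLE_PROCESS + " N/A",
    r"File created C:\Windows\SysWOW64\macromd\movie trailer.mpg.pif " + SAMPLE_PROCESS + " N/A",   # constructed name
    r"File created C:\Windows\SysWOW64\macromd\holiday photos.mpg.exe " + SAMPLE_PROCESS + " N/A",  # constructed name
]

# The indicator column may contain spaces; the process column (a bare path) and
# the target column ("N/A") do not, which is what lets the regexes split rows.
FILE_RE = re.compile(r'^File created (?P<path>.+?) (?P<process>[A-Za-z]:\\\S+) (?P<target>\S+)$')
REG_RE = re.compile(r'^Set value \((?P<type>\w+)\) (?P<key>\S+) = "(?P<value>.*?)" '
                    r'(?P<process>[A-Za-z]:\\\S+) (?P<target>\S+)$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?\\', re.I)
SYSDIR_RE = re.compile(r'\\Windows\\(System32|SysWOW64)\\', re.I)
DOUBLE_EXT_RE = re.compile(r'\.(mpg|mpeg|avi|wmv|jpe?g|gif|mp3|zip|pdf|docx?)\.(exe|pif|scr|com|bat)$', re.I)
LURE_WORD_RE = re.compile(r'hack|crack|flood|steal|sniff', re.I)


def parse_rows(rows):
    """Split rows into file-creation and registry-write records."""
    files, regs = [], []
    for row in rows:
        m = FILE_RE.match(row)
        if m:
            files.append(m.groupdict())
            continue
        m = REG_RE.match(row)
        if m:
            rec = m.groupdict()
            # The sandbox renders REG_SZ data with doubled backslashes; undo that.
            rec["value"] = rec["value"].replace("\\\\", "\\")
            regs.append(rec)
            continue
        raise ValueError(f"unrecognised row: {row!r}")
    return files, regs


def classify_drop(path):
    """Tag a dropped-file path with the lure and placement patterns seen in this sample."""
    name = path.rsplit("\\", 1)[-1]
    tags = []
    if DOUBLE_EXT_RE.search(name):
        tags.append("double-extension lure")   # media-style name, executable extension
    if LURE_WORD_RE.search(name):
        tags.append("hacktool/crack lure")      # "Hacker", "Crack", "Flooder", "Stealer" ...
    if SYSDIR_RE.search(path):
        tags.append("system directory drop")
    return tags


def triage(rows):
    """Return dropped-file tags, Run-key findings and a hunt list for the rows."""
    files, regs = parse_rows(rows)
    dropped = {f["path"]: classify_drop(f["path"]) for f in files}
    lure_counts = Counter(tag for tags in dropped.values() for tag in tags)

    run_keys = []
    for rec in regs:
        if not RUN_KEY_RE.search(rec["key"]):
            continue
        target = rec["value"]
        base = target.rsplit("\\", 1)[-1].lower()
        # A 32-bit process writing System32 is redirected to SysWOW64, and its
        # HKLM\SOFTWARE write lands under Wow6432Node. Both Run keys are
        # processed at logon, so the entry fires although it names System32.
        run_keys.append({
            "key": rec["key"],
            "target": target,
            "key_is_wow6432node": "wow6432node" in rec["key"].lower(),
            "wow64_copy_present": any(p.lower().endswith("\\syswow64\\" + base) for p in dropped),
        })

    hunt = {
        "directories": sorted({p.rsplit("\\", 1)[0] for p in dropped}),
        "basenames": sorted({p.rsplit("\\", 1)[-1] for p in dropped}),
    }
    return {"dropped_files": dropped, "lure_counts": dict(lure_counts),
            "run_keys": run_keys, "hunt": hunt}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

Paste the real rows from either behavioral table into SAMPLE_ROWS to get the full IOC list; the hunt output (the macromd directory and the basenames) is what to search for on endpoints, remembering to look under both C:\Windows\SysWOW64 and C:\Windows\System32 and in both the native and Wow6432Node Run keys.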

Processes

C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a43804149f87f65a8f827aeeefaa34e3_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\Windows\SysWOW64\macromd\Flash Golf.exe

MD5 e147180d8ca65f8f83d60a34a8595765
SHA1 74a098db667a5f6379959ebad977d5bee72c010e
SHA256 099521c3aa0c8d1c1bbc2a9213b48f381edb630a2b36de3fa4eca74792db97c6
SHA512 dc9dba908f965fe57a81448a8bb2d0532b5cd8cdc316822a3c39864310f7811cd6198a35916a6a35e77d40cb7d79d4baf26d97c78600ac7408bc8c21ad88d348

memory/740-33-0x0000000000400000-0x0000000000464000-memory.dmp