33219cd4f65f81157702da0342b445e1e37c12ff1185b4a37490a1109c8cc1a2

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
Size

148KB
MD5

a837c523e054fa250cfb82bf29dbd4e8
SHA1

2346ff05e21e0edff56d6be4bc2e94ad33e8176a
SHA256

33219cd4f65f81157702da0342b445e1e37c12ff1185b4a37490a1109c8cc1a2
SHA512

7bf3b635983e66e805ecf6a8f745bed07415cec376741f2c22aba55f3d6ed02930a1baa9405ef30c9df7eb7568c0ba3577fb2dfde39dae090eb1e9e6704fec9c
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moe/xqzChex7lW:aM7jJlRexYTHYZM/xqzCh9

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\uptown girl with great ass that should be illegal.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde with titts and cunt sending chills thru cock.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes letting dudes assault their furballs.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blowjob girl getting a sloppy facial.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ass ripping interracial fuckin.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde beauty ass fucked.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\leggy babe posing in pink panties.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fistfucking and how ide it goes.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\some twink ass rippers.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a837c523e054fa250cfb82bf29dbd4e8_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\yahoo cracker.exe

Filesize
83KB

MD5
fe08d0f6abebaedf9c9ef0e49f2ba291

SHA1
c6a0fbd06c1826e064ca0cb578d9bcf7f1377405

SHA256
aaa132f0e4bbcbcfcd85fb92178b06e6fd4a58e987524117aa1cd2c072134dac

SHA512
0f7f7944a9b18b333c50a4e3f0c1c4ce0129e980ac1c884721a601df0cefcb38def487fc10a0528cdc463dcdc7fd779d14b445776b496a2737addc3df242dcc3

Download Submit
memory/4828-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads