27a6c4e81061b50a76d8c67b6d1962865e616fc2b2eb6ddf797e5fa33de1a149

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
Size

2.7MB
MD5

0deefc96ddbb211ce3b1b7cd4583f804
SHA1

9676f270c25232b5846085f79c80efc334f1ad30
SHA256

27a6c4e81061b50a76d8c67b6d1962865e616fc2b2eb6ddf797e5fa33de1a149
SHA512

2070f716e2825f85ee1bdaae8a08a61c16007b36d69b9055a499d5b9e4694ab687cc78e35e8721b9581250909f0c5648deed4ea2d3602648b1ac4f9b46c1edf2
SSDEEP

768:tks+cAXJpB2TgpZnjJHk/OxJ+oFEZEM/4l:tjrAX5NjJHJ+oFE2M/4l

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Download.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\mugen (full).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\a pelo.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual C.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\PSEmu.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\humor.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai.exe	0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0deefc96ddbb211ce3b1b7cd4583f804_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe

Filesize
4.5MB

MD5
d2cfb9add9d72206820f5318b3d1419f

SHA1
ef8176c0aee736f70460786fd208a27a8a940612

SHA256
735e6f6f2e52a081baac5c3f7eae063ef0c98ba92651bd828769313bacaa1632

SHA512
d4c4d3d54531783bf53d79580605326ce27781f007339d7a48bc6a2f980a248137f0c18c17eebe2168c42f42acde749849d9e481bfed6ab8a8f6d9a5c816d1bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads