943b3dbb1c293930246bf7cad79c560d3f10f7486501b9488016f41439a4e0d4

Analysis

max time kernel
93s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
Size

5.7MB
MD5

3746337cd0095fc9bf7c9ff4b131e4f0
SHA1

7decb984fc92fb101360cf445b6b04f4f8f4fd30
SHA256

943b3dbb1c293930246bf7cad79c560d3f10f7486501b9488016f41439a4e0d4
SHA512

d44c2ea9a36f70a292204dd66d82bc6cddacc5774615310d1afc8954db347dd90fdeba5015b190e1b57c47e2823d4e566d15a5de7031f87b2e788c7d82e05227
SSDEEP

768:tks+cAXJpB2TgpZnjJHk/OxJ+oFEZEM/4X:tjrAX5NjJHJ+oFE2M/4X

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\humor.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\PSEmu.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Download.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\a pelo.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual C.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\mugen (full).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai.exe	3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3746337cd0095fc9bf7c9ff4b131e4f0_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe

Filesize
7.5MB

MD5
dea69f8587ef849198f0070b92a006ce

SHA1
4c7748347c7ddf3960af5ed272f14945e4447bf1

SHA256
1a7296e9f9f834cfe3990086f3777052daf2ca372701279c5535e6e52c63abe9

SHA512
1ef5006bd587706e783eac8698a8166c8956adc7467af4980e6dadd6ae4cfc9944abe6d1d913eae1dd1b6dd883437a721b38131932a2bd2b486f1db4bf1e3012

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads