28d63b8e168a6097e762fd396e179197c81cb708b933b35021d36ac8bc09daf8

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
Size

4.5MB
MD5

44d381ede4d369b5f6231046a8e0a47d
SHA1

0e04075c8b4fdeaf90c0321d7975793af7072bb0
SHA256

28d63b8e168a6097e762fd396e179197c81cb708b933b35021d36ac8bc09daf8
SHA512

0eae53a8457da4a0f749d2975fd2e93c8f83753155082f13b11e5843757ac9c2cfe31dc03d40e55a785f1f35a03e99cee57aedcf234d7fde081551bc620d212f
SSDEEP

768:tks+cAXJpB2TgpZnjJHk/OxJ+oFEZEM/4v:tjrAX5NjJHJ+oFE2M/4v

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Download.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\a pelo.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\PSEmu.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\humor.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual C.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
File created	C:\Windows\Intelx386\mugen (full).exe	44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44d381ede4d369b5f6231046a8e0a47d_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe

Filesize
6.3MB

MD5
d16b56e997ffb59a1f288f4152632cda

SHA1
d0e5c981ed6de674dd0fc2eaaf06636ed287af81

SHA256
2ae6ca31b4a7976995a2a362305924d4bd35a969c61ba1ea35f021a90827347c

SHA512
2abfa4ab6d957988f9f1c9ccee87029c9dcd4cbe3032b9c9d391f5c241d32359e6bbc94d4aa5fec88cd362321ef4c04797e638da9ff526f2ac07a42edd14c3f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads