993c7758432f9b8ecc022931a3ec50a9ae5fcf7181ae54da2150b062e9f2fd4d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
Size

155KB
MD5

c01b5406166614811c30d8750f16bce6
SHA1

45457c676c170bf4f89f63c42641ecc425e95a0f
SHA256

993c7758432f9b8ecc022931a3ec50a9ae5fcf7181ae54da2150b062e9f2fd4d
SHA512

ec9a07aa7157f0624de2432569c59e74496bba0c292d59f88e1475ea9fc5017efa3a7a6e0118a7cebd020fdec15d8e4b6a1d29143bbf07896633cbd86d341826
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeB1KGaIo:aM7jJlRexYTHYZMtzo

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot tomoli lathering up sexy body for boyfriend's tongue.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tiny girl opening hole in crazy wish of cock.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tight anal fucking like you want it.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe with peach shape pussy that needs it bitten.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy blonde teasing pussy.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN Flooder.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\crazy old man playing young teen.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c01b5406166614811c30d8750f16bce6_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\hotmailhacker.exe

Filesize
80KB

MD5
a75914160854ff4619d2f35d1dc99847

SHA1
df29e1125590965779059865e4ba67c0bf30892c

SHA256
3bd31175be612f25ddd4d6dee70a4a695d3c9422dc6e14b7226b1a43a24f0b97

SHA512
89869dc9cc8b7db81b06b4b6f06de1dc1fe2d6819480a3bda5c21914c99090df89445ffe65c95236d82d177ab8086cde67e7664557f13d590bf2e30a639f9bd5

Download Submit
memory/1316-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads