5d366e03b932b004c3d44780bc676b89d0ed5144e282b9c5b5bb6c366af57299

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
Size

156KB
MD5

c0815cc4bae358921598c5cf2a1e1789
SHA1

c8a247937d06bea19814aeb51285c9c082f4f2fb
SHA256

5d366e03b932b004c3d44780bc676b89d0ed5144e282b9c5b5bb6c366af57299
SHA512

e117fddeda249f6f96e08480b9cdbcdc48fd8aeedcb5b83c15050c7781b064f6c533cdfb48cf8a3d173520d4b696622e9119707c1d5ebfc288440fbc676b6c3d
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeL5qOYV:aM7jJlRexYTHYZML5qf

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - bailey short skirt.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen taking off her panties outdoors.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde with titts and cunt sending chills thru cock.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\black dude gettin it with two white hoes.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe

Filesize
81KB

MD5
06c271596ce0e9a4148b2289683b4a34

SHA1
0292c4f14f3dd7fe8d9637a34f297fb7d9ceff8f

SHA256
9a9cd134e2a62a5bbd074507dc31fc9725fe87be4d0249e2b08ef400204458dc

SHA512
9a3bfa0543e713c45bae84bf41bc465699dbc16bce0c05e0f0973267d25a4e06bfaa202d70ab7cf89f37e4557c7ff4854cab3bfb68a23ac346ca3cad4fa66fa8

Download Submit
memory/1700-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads