5d366e03b932b004c3d44780bc676b89d0ed5144e282b9c5b5bb6c366af57299

Analysis

max time kernel
137s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
Size

156KB
MD5

c0815cc4bae358921598c5cf2a1e1789
SHA1

c8a247937d06bea19814aeb51285c9c082f4f2fb
SHA256

5d366e03b932b004c3d44780bc676b89d0ed5144e282b9c5b5bb6c366af57299
SHA512

e117fddeda249f6f96e08480b9cdbcdc48fd8aeedcb5b83c15050c7781b064f6c533cdfb48cf8a3d173520d4b696622e9119707c1d5ebfc288440fbc676b6c3d
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeL5qOYV:aM7jJlRexYTHYZML5qf

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\dude getting off in lover's mouth at party.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe with dick stuck between her ass cheeks.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gay super heros and fairys.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\bad gal being tied and bound.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\bigger chunky girl with huge tits posing in the buff.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen with her legs wide and fingers in her wet cunt.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pigtail black babe with pretty boy.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Nokia Unloker (most models).exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen taking off her panties outdoors.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\first time anal and she loves it.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\spying on gals in toilet.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fun slut who let dude eat her off in jacuzzi.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\her taking a dildo right in the ass.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c0815cc4bae358921598c5cf2a1e1789_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\porn account cracker.exe

Filesize
70KB

MD5
d5329e98755f5445f15d102bdc7cd2a4

SHA1
a13abdaefa205a6f255881192765db1b76953842

SHA256
8f4d9a4537bf38925f027729505b963c89cf0305b713d13605a3376e50f25499

SHA512
e7b0e78f87503bd6dbf2a36c4691d6bb6c248238a36152fefe8026dbb71e02a12fd93a88fbff8949f582f87218734512cef89b22856ca4d19381d1ff96763d97

Download Submit
memory/3880-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads