7932523f1afadfdfee2b1b688f03aa3745e468f4912036275c0f6dd919e5a378

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
Size

167KB
MD5

c24b1f7c0b26669fbfc128db37fef8f2
SHA1

5c34e3d701414f4c6cf1a90c4e41c0fe374a5005
SHA256

7932523f1afadfdfee2b1b688f03aa3745e468f4912036275c0f6dd919e5a378
SHA512

80744992243b002a3289a2d58d12e1afb8d257aee18221358594be47889075ed588a9adc46d23dc4f7f352a3fc431af6bfd2b46d67535a7cd233088ff13e91a3
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moef72fslXeY++oM:aM7jJlRexYTHYZMfwst7

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\AOL.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\luscious babe with serious ass and firm titts.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chunky broad with a hairy well used ass.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes with oversized hooters spreading.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\12 year old forced rape cum.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde showing her pussy to her neighbor.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\kitty-cat with horny beaver that needs licking.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\old man fucking young blonde teen.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur orgy at a swinger party.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c24b1f7c0b26669fbfc128db37fef8f2_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe

Filesize
77KB

MD5
2893518faa1e68ad358515e3db5ab8a1

SHA1
9bac2e7fe64331f797e84b8f3e0614ffab84710a

SHA256
eaf40495e0f340fec98143bc65d9642f3a26737da571dac56a6f084f7e1737b3

SHA512
2e3b2ef028306eeea8871bef78b0c34c8b0dd05dd475e290b5a41271ddb72f0875f8845125ad3353b0afeabd38954ff6ba7df81a0794b38abb3b805fc61f68b5

Download Submit
memory/1292-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads