a8fb4651e71a3e720f8f801f3f411a8813da315f701bd9927346048c7b0203ad

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
Size

149KB
MD5

d271c09e09f8c9081482a0467a8aa243
SHA1

83d28e024a4a1833bf64caaacad4807847e831d2
SHA256

a8fb4651e71a3e720f8f801f3f411a8813da315f701bd9927346048c7b0203ad
SHA512

148277403f35433062bd47a19f40eebd8cf7a559426d2d37422dc0877225c195872219b1094f833bb3c38ecd066e81f7c8125a93045e50614dbb513c2648eeab
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moehs8teq5SIj:aM7jJlRexYTHYZM6VY

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\hot japanese office sex.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girls who like cock but eat lots of pussy.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting off in lover's mouth at party.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fistfucking and how ide it goes.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot tomoli lathering up sexy body for boyfriend's tongue.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chunky broad with a hairy well used ass.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two sexy blondes share a cock.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny ass licking lesbians.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\japanes girl getting it from behind.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d271c09e09f8c9081482a0467a8aa243_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe

Filesize
88KB

MD5
aa3b085c568c40666e3f7a3895a0a2f5

SHA1
5ffbd57786aa7d15ac5a4d402fb821f031fb443e

SHA256
727e6562e32eb59fcc21114f298f243d097b9bbfcdbcdb5cc4ea1448c056e2d0

SHA512
98e3f4f25a7d2b74f66e376e9597678840798e2f3344bd27405352fd335a6924d2d8c3354b71d711d98cffc953febafaa989d5ad7c5b12699d374e4202c3b0bb

Download Submit
memory/2748-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads