8fd4054f6f4a904607ecf2750a222c6e3ca781122dcde4fa6838c27129b9a612

Analysis

max time kernel
98s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
Size

170KB
MD5

db0a0d1863eafd07f3aaed6ced1ff416
SHA1

3672251cb46fd4dae9b8a2aea2016a35eb3393f0
SHA256

8fd4054f6f4a904607ecf2750a222c6e3ca781122dcde4fa6838c27129b9a612
SHA512

813c242710ca323c9544af28282edceb8f8224a80850caccd4f81f711e6602484d5f9fa516c57425530cc890eb9283a438b8a8bac79603fee7a5297078234eb6
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeA5SBPi6Ag2dyDE4p:aM7jJlRexYTHYZM1P92IDEg

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\couple babes getting off with well hung dude.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fun slut who let dude eat her off in jacuzzi.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\shy teen draining the juice from 2 cocks.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\brunette fucking in bedroom with boyfriend.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wife in kitchen preparing hot pussy for hubby's dinner.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde showing her pussy to her neighbor.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\db0a0d1863eafd07f3aaed6ced1ff416_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe

Filesize
90KB

MD5
f446fe9056c740c225aa451a191ac804

SHA1
a770bfa3b8ed155ca966e1885ba0c91136a9e52c

SHA256
41ddc97540cf3427f4b42aa2d92674f9421b44b423aefa6df981944d55f83ca8

SHA512
ed1c9a489309ba85fcc0026c76e3b7040cd535bd74ad68db93185edba17890367c951f04ff0eaf1b8961e11eeff8e3abd0917acd2cb19e46788f4eebc9acc19c

Download Submit
memory/3344-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads