Analysis
- max time kernel: 94s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-09-2024 14:58
Static task: static1
Behavioral task: behavioral1
- Sample: e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe
- Size: 6.0MB
- MD5: e06d8c85b1ee09144e4078038eba0b58
- SHA1: b8899e7c7f2330942afd674421c83f96f19e3dd6
- SHA256: abe5b832ce9352416948435fbf4def1dcfdd17f407380a76a38205f7f7335542
- SHA512: 6a39a4c7ab38c9448829c721782b6b812392ba674e0f67c3a80b9d67c01681c5622d221b692c3451cb28f162e230b28c33089f8fadcaffbdc2dbeac902009f5b
- SSDEEP: 768:tks+cAXJpB2TgpZnjJHk/OxJ+oFEZEM/4N:tjrAX5NjJHJ+oFE2M/4N
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"
Process: e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe
-
Drops file in Windows directory 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e06d8c85b1ee09144e4078038eba0b58_JaffaCakes118.exe"
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4228
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 7.8MB
- MD5: e0fba8a45d77135561987a17d8c01344
- SHA1: 599e9059176fb2e193a2caf47c8da3cebd194565
- SHA256: df96915488ac67c1b83322b3d1adfd1f31560c2b99063e7714ad642590ac1c61
- SHA512: 9839a5413d6c06e6d455c131fc5ebcfaf8a8585be80decc78d72f7d32ebd4962e45aeb5cd794cfd857aa77b5c10e05f455ce395c66763db2719d230c11bfd8b7