43af29e0475d3ec4e95c654bb251ceb42111182a0fa6de70be52ea374ee2f381

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
Size

167KB
MD5

e1996d10a4ad9d5aacd70319d6eee419
SHA1

e02f0f2d6b09a271e88a22d64d3978bf73f15741
SHA256

43af29e0475d3ec4e95c654bb251ceb42111182a0fa6de70be52ea374ee2f381
SHA512

92d9bd1b6447fd2be0ebd986653c9e85759bcbeaa23abac6eb3bae61ad31b2e98567ef4c7622d6a8e450c34d1980b62d7ac1a929597289014d2ce9e593e2ccb6
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeCLsH/2fig:aM7jJlRexYTHYZMCLeuv

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty chick in hardcore fucking.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy amatures sucking whole bag.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\teen with her legs wide and fingers in her wet cunt.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot japanese office sex.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\black girl gets dildo wet.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes letting dudes assault their furballs.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\action with three chicks getting it on with a guy.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\extremely fine hoine with incredible sweet twat.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur getting off in the mirror.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e1996d10a4ad9d5aacd70319d6eee419_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\hotmailhacker.exe

Filesize
74KB

MD5
c3e7b94bae48c7fdc4e0b1cc01aefefd

SHA1
7f8d7b0ebdebd748c6d27eaf804dd4d4919a89eb

SHA256
2dc5e14ac66ec2c75d04b3a86df6da0ab6d37db660a9edcc5ebfbefbbf67c532

SHA512
ce3fdc27ea9899f77641686a1036fa8e0deae2f7cb1e1f3813ee9d46a81e5d88950e68f6414d6be91b9854c3dbce0803f1e3a3e0d66afe1894d4d7a8e636b168

Download Submit
memory/2932-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads