f0cb136f69c483573f73a82792f73469559927fa29ad38c324a05b2ea900ad93

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 09:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
Size

141KB
MD5

e2286c5bf911008b4f0d05e43ba895c0
SHA1

e9a003f165a57e55b983c632abfec757ab17c080
SHA256

f0cb136f69c483573f73a82792f73469559927fa29ad38c324a05b2ea900ad93
SHA512

d749786d482efe83bfa8f9a651e104a7669f0ab8a2884a8dcd0b61832796206bd969440444d3401d176a1d1ee08f341363b402b2fa9ea79c14fd6c1ad44327fd
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeaS1j:aM7jJlRexYTHYZMr

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny housewife looking for some action.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\trailor tramp pissing for you.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\fat grannies action.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\anastasia nude.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur swinger babe sucking on a couple of cocks.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde beauty ass fucked.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babe doing boyfriend and his buddy.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\naturaly tan babe with gorgous body.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes with an assortment of delicious big juggs.mpg.pif	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e2286c5bf911008b4f0d05e43ba895c0_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\msncracker.exe

Filesize
87KB

MD5
aa092d8b558f20858c29d4a9ffb269e0

SHA1
c913138db8040006eefed16b0d72a1e7a70d9608

SHA256
84cd7f8e82bc209ad5209f471592528c81ce86731e7f8e909708b88da14a470f

SHA512
b17d3433354812f5db38b6cee304cd2cdbf596f749cf89aebd46c250ac76aa399bdd3fad191122e5e33edcacfe4507306b53c4174227926d38e52c98a425a9fe

Download Submit
memory/1872-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads