Analysis
-
max time kernel
92s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
27/09/2024, 11:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe
-
Size
2.6MB
-
MD5
fa5aa07317d380cbb491957a974eb55a
-
SHA1
bdc4ee9b672cd26ee3f231cb0a451130b072375b
-
SHA256
73eae421baf5651542ce37c12970c077aaf3220a5c81724b47577130c33b3145
-
SHA512
b6a7638f2f91636a05a6c81ca2058eb54d011237e9eef19f7fd1e199437bfbdbb9150647e8688c3d4c1e818104cb1027cb2d547e0de567978e40aac82faf8bcc
-
SSDEEP
768:tks+cAXJpB2TgpZnjJHk/OxJ+oFEZEM/4V:tjrAX5NjJHJ+oFE2M/4V
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit" fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\Intelx386\Fuck my fat ass.avi.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Hacha Profesional Edition.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\RM2GBA.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\GBAEmu.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Pedofilia pack 37 pics.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Resident Evil for GameCube.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\PSEmu.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Terminator 3 Wallpapers.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\WinRar v6.11 (with crack).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\VirtualDub 2.1.4.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\humor.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\ContaWin 2000 (full version).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\DivX 7.2 freeware.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\WAV2MP3.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Puta come mierda.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Winamp 3.5 (full version).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Hentai Shizuka clit.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\WinZip 9.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Mazinkaiser comics pack.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\3D Movie Maker.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Visual Studio (full).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Visual Basic 6.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\German extreme violation.mpg.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\RealOne Player (Full version).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\WinRar 4 (with crack).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Pack 50 Juegos PS2.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Sexo con una menor.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Dont Touch.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\WinAmp skings and plugins.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\VMIntel386.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\GameCube Emulator.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\a pelo.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Winamp 3 (full version).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Lolita Pack 20 Pics.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Follada brutal coño roto.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\No lo Descargues.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Hentai Evangelion Poker.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Visual C.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\mugen (full).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Dont Download.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Matrix Wallpapers.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Shinchan screen saver.scr fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Chenoa en cueros.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Winamp 5.0 (full version).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\BsPlayer v3.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Solo para Maricas.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Hentai.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\MSN messenger 6.3.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Silent Hill.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe File created C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fa5aa07317d380cbb491957a974eb55a_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1504
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.4MB
MD5a0a4d10a3b35c0dad88c4a6f537b706c
SHA1b7a304ed81f9eab83a77644d5417897a2f4edfd6
SHA256a0c80969c7214bb1bb6a5d0e91e50972028e2380a8dc270e342e852165586c42
SHA51216de4adfdf6499a2b521735854dc0c5eabfca010050bf3cb9a6b53bb90ec16b88395766b358d87648f348784c6aa48fa9a67a30e23df9d48be5a5474def07ca3