fbf0166c65f54ff129cd59bb59c054d969870e46d62cf73b9e89128c591d5b64

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
Size

157KB
MD5

fdd7bce2f5f4082a10132e02119367ee
SHA1

b2871550b12bd2a8d2892e4d37e188fefecd71a5
SHA256

fbf0166c65f54ff129cd59bb59c054d969870e46d62cf73b9e89128c591d5b64
SHA512

b019c34902653ceba6492155ace08c566bcbd4cdbba61b114a7366426004924d057efc28103984da5fe3e6062e2a7580fe138ab040f5e336f47320399d3d8fe5
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeNQW/:aM7jJlRexYTHYZMNv/

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\tight anal fucking like you want it.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\drunk babes sharing a dick.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\ebony girl with massive hooters.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\strange asian ass odyssey.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\senior blonde fucking and suckin like a teen.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\leggy babe posing in pink panties.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - bailey short skirt.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\action with three chicks getting it on with a guy.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Universal Game Crack.exe

Filesize
68KB

MD5
fe58d382cfe3b91d48caa7e25a50b2eb

SHA1
6ebd9a9d9c2815bda214b8e9fc557283983aff0d

SHA256
c5be3f6c4696eb3980fa0084d4aee2b8bfb6922de9de4a99a190f901fee4a884

SHA512
1efc5121cdfc7528d6a003727d850b332033ed34342e4e59c9d37504185a545719ec04ab8ce911671326d0abd6e80d7548b7219c7ecb103f45fc7b7d515cd01b

Download Submit
memory/1400-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads