fbf0166c65f54ff129cd59bb59c054d969870e46d62cf73b9e89128c591d5b64

Analysis

max time kernel
92s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
Size

157KB
MD5

fdd7bce2f5f4082a10132e02119367ee
SHA1

b2871550b12bd2a8d2892e4d37e188fefecd71a5
SHA256

fbf0166c65f54ff129cd59bb59c054d969870e46d62cf73b9e89128c591d5b64
SHA512

b019c34902653ceba6492155ace08c566bcbd4cdbba61b114a7366426004924d057efc28103984da5fe3e6062e2a7580fe138ab040f5e336f47320399d3d8fe5
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoeNQW/:aM7jJlRexYTHYZMNv/

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\an asian bush getting a cum bath.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\blonde with titts and cunt sending chills thru cock.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - bailey short skirt.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\hot slut with a big dildo.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\action with three chicks getting it on with a guy.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\two sexy blondes share a cock.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdd7bce2f5f4082a10132e02119367ee_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:3856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif

Filesize
84KB

MD5
a64fee6bf9905c3cd09dba2319f7a734

SHA1
7a16459796752fd7c0343a76eab14fd5ba82cea5

SHA256
c862b72ccea2dd165bafa27cb428464039e2d206bdda796b9edfe945011a68b0

SHA512
b1fa68cf3085152e10e5fab0d2a3d0efe9bc4d442051e81f045845883f1bcb10ee61a105305d35e87caedc6623018f5133289436d7a3edfd0dee7a3d9ab022ee

Download Submit
memory/3856-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads