Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system -
submitted
06/10/2024, 12:53
Static task
static1
Behavioral task
behavioral1
Sample
1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe
-
Size
4.0MB
-
MD5
1829cc439258bd38d568ea2d7e1c2ea5
-
SHA1
c8713179d3b7791057de5a102538271bc23c9aad
-
SHA256
32f5ec20e3ef7f2a362fb5c70c67a4b338bcff53757cee478693df22d5f8031e
-
SHA512
0a5ad94383fe7060d74878949258179b4a1bc0255123fba43ccec1719e6727eb4e466bce1f47cf40fa4e29a371f4df4bdc3fa85b0eae66f02405b3d7efa01d2c
-
SSDEEP
384:tIIrg805FkLxcmCmVpHEBdObQdTr2TSc2OD+nMMOjRpSR5yt/OxIkT+oFpq/BuWb:tjgyLxgDr2TsODSOj4w/OxJ+oFEZEmP
Malware Config
Signatures
-
Drops file in Windows directory 63 IoCs
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1628 | 2540 | WerFault.exe | 28
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2540 wrote to memory of 1628 | 2540 | 1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe | 29
PID 2540 wrote to memory of 1628 | 2540 | 1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe | 29
PID 2540 wrote to memory of 1628 | 2540 | 1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe | 29
PID 2540 wrote to memory of 1628 | 2540 | 1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe | 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1829cc439258bd38d568ea2d7e1c2ea5_JaffaCakes118.exe"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2540 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 84
- Program crash
PID:1628
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
5.8MB
MD5
8993202ab364ec25d1bb83f712248f0e
SHA1
59f0aa5bec524f0f9ac7f628efbc5ff5498e4411
SHA256
7cdbcf3bf15370489cedb706dfd87c9f1e2421e718101b30ce2ad5da33a83ff7
SHA512
4a395b22f4be7c2dedea5501c6698038e8ee08796cc1125d161aaf6a7e42be6490b79a9448b6acc9407f58e408d7c4e04cce5049c8caf19ba6d717b0fdc67d30