8fea853869505b25810942547c6ef28a4126371c92af9b7ac250d556fd830951

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8d911731449b581615976ea349d895a_JaffaCakes118.jar
Size

120KB
MD5

f8d911731449b581615976ea349d895a
SHA1

52e158fe74cc64e6e542d5b1674393976b44a3a2
SHA256

8fea853869505b25810942547c6ef28a4126371c92af9b7ac250d556fd830951
SHA512

87bac759cb98933a3b7be381cc4c87a15cf5478bd69d4d563184dd5ce3d96cae28c4742865376be46dd8e79d19214874fe213b81809c07c512148dd3bcb9fdc5
SSDEEP

3072:d/kAi72kO6b6HBrC0F9izWed3HihVAFRxWYQLZzZyUbrbo:Hi72kOqAp9od3ChusPF7o

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 3064	2804	java.exe	29
PID 2804 wrote to memory of 3064	2804	java.exe	29
PID 2804 wrote to memory of 3064	2804	java.exe	29
PID 3064 wrote to memory of 2460	3064	wscript.exe	30
PID 3064 wrote to memory of 2460	3064	wscript.exe	30
PID 3064 wrote to memory of 2460	3064	wscript.exe	30

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\f8d911731449b581615976ea349d895a_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\kntxyyyvsx.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\kolvlklz.txt"
    3⤵
    PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\kolvlklz.txt

Filesize
92KB

MD5
9ca3f73aead4911599c9fb7a7a598983

SHA1
0b57422b8f592057096ff284e99fb36adac40bdf

SHA256
48e5ea0cf6369de9db746c93b745760190d5f9a60b8415bbfc5d4dd0136272c6

SHA512
a07136c1299b3249d9b18ade210303971c354e51851b7b964ae684cc9e89e735a62ba7ca0fd50393fbcd0fe5735d2e8a62e350a4d9db6e6ea56f15241b415cc1

Download Submit
C:\Users\Admin\kntxyyyvsx.js

Filesize
185KB

MD5
5f8c6fa324da4278e83e52ba88509393

SHA1
2c90945b65888f503d56d338ec61ae4f92b93164

SHA256
87b18c96ac3184490446f277b24d80783a13fed5ae799731daa922d079173287

SHA512
ea159a2c2e4001043f1f0740f1969c17921f9e4446b4fe1e5a79996fc986fd9f7a79afb4f0c0670f5a5f43cc7df3083be67f41227c1388a41b784a5a6f9260ff

Download Submit
memory/2460-41-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-43-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-25-0x00000000022B0000-0x00000000052B0000-memory.dmp

Filesize
48.0MB

Download
memory/2460-26-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-33-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-36-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-37-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-40-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-70-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-67-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-45-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-51-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-52-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-53-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-63-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-64-0x00000000022B0000-0x00000000052B0000-memory.dmp

Filesize
48.0MB

Download
memory/2804-12-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2804-7-0x0000000002070000-0x0000000005070000-memory.dmp

Filesize
48.0MB

Download