4f071d0dfe0d2e57c44b9157680ef8d17a36323095c212f3fb09faf59d8c91c1

Analysis

max time kernel
150s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

230f66e17bb2888242f14a2403d0c9a6_JaffaCakes118.jar
Size

175KB
MD5

230f66e17bb2888242f14a2403d0c9a6
SHA1

7482a6068d0562b8002bc1827d9b073012d389ba
SHA256

4f071d0dfe0d2e57c44b9157680ef8d17a36323095c212f3fb09faf59d8c91c1
SHA512

1a5b6028890ec40ea2b56840b6d96f724a853e085a5171f14758353f5909626df1459610ffe22565b8de71a28d8bae3b30c01d1c01d145f56997060e8b5c43db
SSDEEP

3072:mFe/oCh46wP4TEx46CG2Q8yIsKAE6tH0rzZcPU7rWIC0IegnEWetqaDtbQK:mFChxwQU4e29yIzAbRQSXSIextqaDtQK

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs .reg file with regedit 1 IoCs

pid	Process
2644	regedit.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2628	2180	java.exe	29
PID 2180 wrote to memory of 2628	2180	java.exe	29
PID 2180 wrote to memory of 2628	2180	java.exe	29
PID 2628 wrote to memory of 2644	2628	wscript.exe	30
PID 2628 wrote to memory of 2644	2628	wscript.exe	30
PID 2628 wrote to memory of 2644	2628	wscript.exe	30
PID 2628 wrote to memory of 2692	2628	wscript.exe	31
PID 2628 wrote to memory of 2692	2628	wscript.exe	31
PID 2628 wrote to memory of 2692	2628	wscript.exe	31

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\230f66e17bb2888242f14a2403d0c9a6_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\dnweiidfnz.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Windows\regedit.exe
    "regedit.exe" "C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg"
    3⤵
    - Runs .reg file with regedit
    PID:2644
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\wpoohplriw.txt"
    3⤵
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg

Filesize
143B

MD5
0e5411d7ecba9a435afda71c6c39d8fd

SHA1
2d6812052bf7be1b5e213e1d813ae39faa07284c

SHA256
cb68d50df5817e51ec5b2f72893dc4c749bf3504519107e0a78dda84d55f09e2

SHA512
903ac6e5c8a12607af267b54bcbbedfa5542c5b4f7ea289ab7c6a32a424d5b846ae406d830cb4ad48e2b46f92c504163c0856af8c3e09685a8855f39f616ddb1

Download Submit
C:\Users\Admin\AppData\Roaming\wpoohplriw.txt

Filesize
91KB

MD5
6bf6805ce69e195155646d86e8f9d79f

SHA1
81364da6cad1a1b22d00542f1d6066a05c05bcfe

SHA256
e6bc1311af74b649c4ee6e54de5eed79dee7ece5a62d4e20d28114330707b1d1

SHA512
38ba3e3692c205ef2aa83093149153805d6273015587e8010d7c1beff546f8495b25cd42b40be0adf01f3abd698082e564a10aa717a5499865dc99411b9589aa

Download Submit
C:\Users\Admin\dnweiidfnz.js

Filesize
723KB

MD5
49c79dbf81dc58d7e363cb16f3650bbe

SHA1
6c370454991e03909553c1994c1480c2176f7e4c

SHA256
7adef8dddeec17419a2e7b098915cd70a85294ce5d7ed96c028e007d8c9ff51d

SHA512
381a7c255a0acb7b01bb9d00e5582198c38ae82c5a1f1b07e307ec213ea783959a684d848d972d185641d979dcca66ff962edb971f51d7f47557e3fce8620bc1

Download Submit
memory/2180-2-0x0000000002510000-0x0000000002780000-memory.dmp

Filesize
2.4MB

Download
memory/2180-12-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2180-14-0x0000000002510000-0x0000000002780000-memory.dmp

Filesize
2.4MB

Download
memory/2644-17-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/2692-39-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-31-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-38-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-24-0x0000000002590000-0x0000000002800000-memory.dmp

Filesize
2.4MB

Download
memory/2692-48-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-53-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-55-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-58-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-65-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-70-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-94-0x0000000002590000-0x0000000002800000-memory.dmp

Filesize
2.4MB

Download
memory/2692-102-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2692-107-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download