19d70f989916c257d0c89f5c8424375d3b3f9ba573f1503f5f85d1c69c112a67

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17-07-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53c61d3e434b7b53dd3ef75348efa1f4_JaffaCakes118.jar
Size

120KB
MD5

53c61d3e434b7b53dd3ef75348efa1f4
SHA1

29f45cc6c3355526d8d41b49bada82cb2ff80039
SHA256

19d70f989916c257d0c89f5c8424375d3b3f9ba573f1503f5f85d1c69c112a67
SHA512

e35f54d69b18d5f61d3429dc7268a45fbc0e312db74a2d3b380b918794d9329f548df0096f4ada2710ba825f9747d0998038117df8b55577b7eb79eb558f6c91
SSDEEP

3072:QpAg/4NyBQ79he4WOUqoO8QbUfetXk0BHCSeuMEL:QOzaG9YOUqoJQbSgLxCRuM+

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2988	1244	java.exe	31
PID 1244 wrote to memory of 2988	1244	java.exe	31
PID 1244 wrote to memory of 2988	1244	java.exe	31
PID 2988 wrote to memory of 2564	2988	wscript.exe	32
PID 2988 wrote to memory of 2564	2988	wscript.exe	32
PID 2988 wrote to memory of 2564	2988	wscript.exe	32

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\53c61d3e434b7b53dd3ef75348efa1f4_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\arlucdtpaw.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\xysdrekj.txt"
    3⤵
    PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\xysdrekj.txt

Filesize
92KB

MD5
72e3da2f8357c43f4fdf82a9479a1c85

SHA1
0b3b520fdde7958f9d02e388130ff5f6dc3dc1b2

SHA256
b1d480ddc3655879f8639184af5f1e6441660dc37216a8079982046e6e60c6c5

SHA512
0892f05ec27661901a01015b3751d7575ecafd5468ab33fb157ceb5072a861a4b0d19cd8d0b8cfc89fadde4cb02a9e2e13d52ffbad35fdd1e728c15a9a8c7bf4

Download Submit
C:\Users\Admin\arlucdtpaw.js

Filesize
185KB

MD5
6d4f8dd0875ed857628cf695d0f75597

SHA1
6f0122f230ed3d493d04f4319ddc23344079f99d

SHA256
f1ede271033f80c0fe0cedb00942529972b3b6ee6604912e53daf88e69115e91

SHA512
657c863939e376bec18a95c43ac2b56f608fd6869ad5f2a181fd27e855822ce49dacb7d8d444c4977532e1501929b8c387c82cfa861eaa962d342a443693a13c

Download Submit
memory/1244-2-0x0000000002600000-0x0000000002870000-memory.dmp

Filesize
2.4MB

Download
memory/1244-12-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1244-13-0x0000000002600000-0x0000000002870000-memory.dmp

Filesize
2.4MB

Download
memory/2564-49-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-52-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-34-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-40-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-44-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-19-0x0000000002460000-0x00000000026D0000-memory.dmp

Filesize
2.4MB

Download
memory/2564-51-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-27-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-54-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-57-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-70-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-90-0x0000000002460000-0x00000000026D0000-memory.dmp

Filesize
2.4MB

Download
memory/2564-94-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-96-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-100-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2564-106-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download