472ac63c2de381e3992ae18c47c6c466f3d19371123666ba7ae973b8df353cf1

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe
Size

386KB
MD5

dd3c389c94f8ec63bee76fc461aa4eeb
SHA1

14b26b147362845a1408b35cf3e536197ccfbb90
SHA256

472ac63c2de381e3992ae18c47c6c466f3d19371123666ba7ae973b8df353cf1
SHA512

9122e287a0a541d89964670f5a4354056c3b106f8e4e1a3df2c76c7dd313c5dc17a84cf55422944be43ff4fcd16b9795e2adc299219946248e6b30b8429dc5ac
SSDEEP

6144:WNjAcaUb0HF2idZecnl20lHRxp3gT9+Ht3hn+BBVKUii9gdTyr26W6Yk3+i0MCUK:W5BaUbaF3Z4mxx09+NReBlsTVxvk3Z4d

Score

3^/10

discovery execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wscript.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2504	3064	dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2504	3064	dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2504	3064	dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2504	3064	dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dd3c389c94f8ec63bee76fc461aa4eeb_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\wscript.exe
  wscript.exe /B "C:\Users\Admin\AppData\Local\Temp\newdou.jse"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\newdou.jse

Filesize
17KB

MD5
25bd9a9231a0b25d31e40b4f535fe248

SHA1
6907b2c07e7cdf020172c90a345373e0d31af694

SHA256
0e3cdcd0fd3ea5a07f100de99cc1ee5d6e1f3d0efdba23e4fab6efe1612d454c

SHA512
d3e904d00e8cc97d321109f4345ec7f0921825197785a74af579715b22f54893928fddb686648dd7c36617c3041b9342c0810a2ba3ba2d97bb90854372c5a820

Download Submit
memory/3064-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3064-1-0x0000000000550000-0x00000000005A4000-memory.dmp

Filesize
336KB

Download
memory/3064-20-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-21-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-19-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-18-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-17-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-22-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-23-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-56-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3064-24-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-55-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/3064-16-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-15-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-14-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/3064-13-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-12-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-11-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-10-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-9-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-8-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/3064-7-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/3064-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3064-5-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/3064-4-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/3064-3-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/3064-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/3064-25-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-26-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-28-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/3064-35-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-53-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-54-0x00000000031A0000-0x00000000031A4000-memory.dmp

Filesize
16KB

Download
memory/3064-52-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-51-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/3064-50-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/3064-49-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/3064-48-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-47-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-46-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-45-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-44-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-43-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-42-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-41-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-40-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/3064-39-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/3064-38-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/3064-37-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/3064-36-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/3064-34-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/3064-33-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/3064-32-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3064-31-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3064-30-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/3064-29-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/3064-27-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-59-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3064-60-0x0000000000550000-0x00000000005A4000-memory.dmp

Filesize
336KB

Download