ea0d1df8f246470f17fde59c5ed6e866a813b07890de8dcd9932909a3825857e

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef3f13667597ce1b7ba2e2d966918609_JaffaCakes118.js
Size

183KB
MD5

ef3f13667597ce1b7ba2e2d966918609
SHA1

c4b9b27739149475dd718813e3bc05b68af2f11f
SHA256

ea0d1df8f246470f17fde59c5ed6e866a813b07890de8dcd9932909a3825857e
SHA512

85018f8fb24e0793e39b8b9c872fb04dd792aa057a7af0146095d5dc17fa3e2181d4edcd067314b3b271870186edcbe6f39de0640d9b97b54629f377268d900d
SSDEEP

3072:KK9pI8Ly5wq/sp6lOAbftWRLXkXme/IMh+LnVqUfaBoslG4RB7hVARDdjae5N5P:KKXZLy5z/rlOAbCbk2noUfaoSGeyN5P

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wscript.exe

description	pid	process	target process
PID 2664 wrote to memory of 2696	2664	wscript.exe	javaw.exe
PID 2664 wrote to memory of 2696	2664	wscript.exe	javaw.exe
PID 2664 wrote to memory of 2696	2664	wscript.exe	javaw.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\ef3f13667597ce1b7ba2e2d966918609_JaffaCakes118.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\abxevcqwcb.txt"
  2⤵
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\abxevcqwcb.txt

Filesize
92KB

MD5
9f529d816bffd28587755104a62e7ffe

SHA1
2ced260d71011c450dab5145881fad5460d00edb

SHA256
7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f

SHA512
ccb1437c4fc7465bfdd62e5a7556a13f2bbebafe73e6c545a0125fe0289e833928b6c9f61ce36102ea107a6054f6ac738fae81ac068555fc500f1df15ac6baab

Download Submit
memory/2696-4-0x0000000002650000-0x00000000028C0000-memory.dmp

Filesize
2.4MB

Download
memory/2696-12-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-19-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-29-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-34-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-37-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-38-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-39-0x0000000002650000-0x00000000028C0000-memory.dmp

Filesize
2.4MB

Download
memory/2696-41-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-43-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-44-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-74-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-76-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-78-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-83-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2696-86-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download