4fe2155de6e61665205a522e8fc7c95d25f53362f2e319fcd0993c4ea93bbbad

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

071c608a80c84e55ed4ead5e577104ea_JaffaCakes118.jar
Size

187KB
MD5

071c608a80c84e55ed4ead5e577104ea
SHA1

1dd9194c56acd00e0ea5dabe9555334856a620c0
SHA256

4fe2155de6e61665205a522e8fc7c95d25f53362f2e319fcd0993c4ea93bbbad
SHA512

25d4486c9352b5223113bbbeab5afc64cdfeb621b43f80aeb64f0400aeca364e91e9a3037e894c1918d5bce8a832d9e035aa77c41f57a9c67cd1c294059c7b62
SSDEEP

3072:ZIlbuz5kQLKPTzBPDmrKI/aoMQXw8TDcgMZ4sNgvC8xV1Wu4cTXCrnqAq1l8O:Z6ax+7FDA2QA8T3MOM0bVAhO

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

java.exewscript.exe

description	pid	Process	procid_target
PID 584 wrote to memory of 2728	584	java.exe	32
PID 584 wrote to memory of 2728	584	java.exe	32
PID 584 wrote to memory of 2728	584	java.exe	32
PID 2728 wrote to memory of 2700	2728	wscript.exe	33
PID 2728 wrote to memory of 2700	2728	wscript.exe	33
PID 2728 wrote to memory of 2700	2728	wscript.exe	33

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\071c608a80c84e55ed4ead5e577104ea_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:584
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\opzidxsfdk.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\mxksmijbx.txt"
    3⤵
    PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\mxksmijbx.txt

Filesize
92KB

MD5
caa505646d19fd3e3e7de7b34ed5db77

SHA1
e5e5181d3a8c7a22cfb39a4538237bc62697e805

SHA256
aab7895819ff88404f40ed2645c0d411f04b56f018b6e72246f8475b3605882b

SHA512
f6c492547308564b1129dd03bbec622d5130010e9d50e7e9fa71f3430b75b6f2f291168b80ab4d765e626bbd886703601d880bd4e3aca4517cedcf99e1838603

Download Submit
C:\Users\Admin\opzidxsfdk.js

Filesize
866KB

MD5
b275441d305e83de9981ae9335b28d46

SHA1
1e781c8c3475d675a8554e7e3f7025e0bc8dd580

SHA256
22a107a28e169cb1332a6e9dcf870610a9573faa0744b4e83570ad748c850573

SHA512
20923420748f8efce687b7bf10b21388bdfde0dcbcdadd41077de8fa100fc8b3bae86b991d49f01ffa00e7fec6332b06d4675d15e614a817a852dd7db95877db

Download Submit
memory/584-2-0x00000000026F0000-0x0000000002960000-memory.dmp

Filesize
2.4MB

Download
memory/584-10-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/584-13-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/584-15-0x00000000026F0000-0x0000000002960000-memory.dmp

Filesize
2.4MB

Download
memory/2700-37-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-54-0x0000000002690000-0x0000000002900000-memory.dmp

Filesize
2.4MB

Download
memory/2700-36-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-35-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-22-0x0000000002690000-0x0000000002900000-memory.dmp

Filesize
2.4MB

Download
memory/2700-45-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-53-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-28-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-56-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-57-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-84-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-93-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-108-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-109-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2700-114-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download