93b8b4b95575fbaeadf2548f59bfe6e9f7a540eb02a75ce575ee7662bfb6ca52

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34a653c2523056e055c378285398f72d_JaffaCakes118.js
Size

183KB
MD5

34a653c2523056e055c378285398f72d
SHA1

d9813cda6da576f77d09ae3665f2c0c5dd37fef1
SHA256

93b8b4b95575fbaeadf2548f59bfe6e9f7a540eb02a75ce575ee7662bfb6ca52
SHA512

5737c3567a5675fbec43f2dcde75bb9f920dcee03aeb02b5bbb74074b80b41b266807fb8b6a1036dfbf42b96d61ae817fbf73f7cc1fb923378c2349f35d065b0
SSDEEP

3072:o9pZV7cIa1MmOQe+rABEBj+6fXB+Tcu01xI8xE9Ye+eLvLusOTi1N253:o9PVD+OyrABEBjFBpRjeJKEN253

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2740	2876	wscript.exe	30
PID 2876 wrote to memory of 2740	2876	wscript.exe	30
PID 2876 wrote to memory of 2740	2876	wscript.exe	30

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\34a653c2523056e055c378285398f72d_JaffaCakes118.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\zpjpvebgp.txt"
  2⤵
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\zpjpvebgp.txt

Filesize
92KB

MD5
5155453d759e49880d32caa54962acb0

SHA1
5f0b3395920fc56a9297866eb32590ff65cf28d2

SHA256
28daccdadfd5999b6463f6d1ed0d4da8f369f9d84d9046dd453b1ac78c5b6af5

SHA512
f8c97db63f996b5200ce3b1fcdfc26aff03f64714f52f4cf61fed87425347e4642d07e42847a187c2c5c53b8a4cd4c312326664f32ae8f43694ff867f5dd543e

Download Submit
memory/2740-4-0x00000000022C0000-0x0000000002530000-memory.dmp

Filesize
2.4MB

Download
memory/2740-12-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-19-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-20-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-26-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-36-0x00000000022C0000-0x0000000002530000-memory.dmp

Filesize
2.4MB

Download
memory/2740-40-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-41-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-44-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-49-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-57-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-59-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-61-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-63-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-67-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-69-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-71-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-77-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-79-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-80-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-82-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-84-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-86-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-88-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2740-96-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download