Overview

overview

10

Static

static

1

418c7dcc38...18.jar

windows7-x64

3

418c7dcc38...18.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2024 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    418c7dcc38bc4856f00a6e0067774ec4_JaffaCakes118.jar

  • Size

    115KB

  • MD5

    418c7dcc38bc4856f00a6e0067774ec4

  • SHA1

    95b6baecca24bcfc2a366230cd6b7597361b5f73

  • SHA256

    16ca6ef3a3dafa34c5fa0c1ac6db90d7f3744277dacec41ac100f46f35d59674

  • SHA512

    75edb83a575545dc326d38d12249740fb5e2fc2d184d4707deda5eaf5e35805a43b3baf6fa9740230e6e1ac27df0d6583a315f025d9054f25195baf5129d58da

  • SSDEEP

    3072:b0kW3A7V8ET+Bd341KDvq7UPIPuROerYORIkFyLdKr:zTCEqH3UKDC7U+uBrYOKM/r

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\418c7dcc38bc4856f00a6e0067774ec4_JaffaCakes118.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\fbmfhhsnnn.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hysmrbi.txt"
        3⤵
          PID:2768

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\hysmrbi.txt
      Filesize

      88KB

      MD5

      7b533e56cf887107c6729dfca8ac43ea

      SHA1

      884e4d1f69fdedbfa62048b59b58800654569a80

      SHA256

      05282277e19b725ae85ba74f79b3c197d4e099f395c3b8ea63e3dc6a24a6f8d8

      SHA512

      510f0d341c4de5ce89c84a4c12c5de03119678b45d8af94496f4931f08fdfb055a004add37b4701adbeba5859f366d32a3c0572b443f6a09d3171b35e27e3a14

      Download Submit

    • C:\Users\Admin\fbmfhhsnnn.js
      Filesize

      185KB

      MD5

      f17a60b3f01301ef7efb60444bb2475f

      SHA1

      e0c931dafb9f8b61a9a565d9be2e584135faaf6c

      SHA256

      954b2f5368ffb5f9cde3f663a825e64d43cdba7ff106e4da4de111dffd763e01

      SHA512

      844aa2a22d204ee0d397ce8d9f84977bbf391e0de8b900c89922ba0588e5629c61bf12070e4e6150dd29ffaad88040e38325ed354603aa98b73edae7735b62c9

      Download Submit

    • memory/2768-52-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-53-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-103-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-19-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2768-27-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-34-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-35-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-44-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-100-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-97-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-54-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2768-56-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-58-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-59-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-62-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-93-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2768-95-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3052-14-0x00000000026F0000-0x0000000002960000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3052-2-0x00000000026F0000-0x0000000002960000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3052-12-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download