f0d1596a53d0764566c2c306e918d7564519e92e5614f10fb32c3f56d74c40c5

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96fad56cee1be508f8a2a15d2ae62995_JaffaCakes118.jar
Size

119KB
MD5

96fad56cee1be508f8a2a15d2ae62995
SHA1

c2c876559c4266e80c9d1841825cb0f515b4b71f
SHA256

f0d1596a53d0764566c2c306e918d7564519e92e5614f10fb32c3f56d74c40c5
SHA512

8a7494d535aa4f2d046f5d2b2945008be83fcb35db68af4b1172432ea202436e22ba59273c262d61190a0d5567a6a21666125144077b84d7c9fff76982578107
SSDEEP

3072:z3cSUgKmq1p8PJm8HaRTSYva87Utdj2BFLGvuwR:zpUOqQPErR1va87Sdu4

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2780	2296	java.exe	31
PID 2296 wrote to memory of 2780	2296	java.exe	31
PID 2296 wrote to memory of 2780	2296	java.exe	31
PID 2780 wrote to memory of 2800	2780	wscript.exe	32
PID 2780 wrote to memory of 2800	2780	wscript.exe	32
PID 2780 wrote to memory of 2800	2780	wscript.exe	32

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\96fad56cee1be508f8a2a15d2ae62995_JaffaCakes118.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\czbevvbmcw.js
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\czclxhucr.txt"
    3⤵
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\czclxhucr.txt

Filesize
88KB

MD5
3ef17a2463be4a913a608026b23594a4

SHA1
94bd0098203c4eb914521428d6257a183f90702a

SHA256
76ebd50d7ec67bd08788951e1c6fd5cb81a9e978a1e4f24a5fff2e6d00f24e52

SHA512
ce97a4ab5b83c8eda811f53e1fa86080b8182fcb9e228834c42a729a5f3968285dcdcb73557ddad4724f1ce17958e32b54c5c58ad8e9e8196d3dd078511263c6

Download Submit
C:\Users\Admin\czbevvbmcw.js

Filesize
204KB

MD5
302bfb583eb5f55c3b110779ad22e3bd

SHA1
462fca2ab32ae19af2cba7ef194a750a47cf4df8

SHA256
f92c3349fc36d7f16ca5d7ef12654b61965f14f27377aab85d43134d4baf5be6

SHA512
30dfbb67bf851ca49764180303124987afc57fee49d80e29e5d0db216db5f84ac44d9c3426bcdc35e397fbec63ff57676c97ac5e77ee47ed24606a2f337f0312

Download Submit
memory/2296-2-0x00000000024F0000-0x0000000002760000-memory.dmp

Filesize
2.4MB

Download
memory/2296-12-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2296-14-0x00000000024F0000-0x0000000002760000-memory.dmp

Filesize
2.4MB

Download
memory/2800-36-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-27-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-34-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-19-0x0000000002560000-0x00000000027D0000-memory.dmp

Filesize
2.4MB

Download
memory/2800-41-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-47-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-54-0x0000000002560000-0x00000000027D0000-memory.dmp

Filesize
2.4MB

Download
memory/2800-56-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-58-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-99-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-102-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2800-108-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download