Overview

overview

10

Static

static

1

ddfd5ba555...18.jar

windows7-x64

3

ddfd5ba555...18.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10-12-2024 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ddfd5ba555c1ddb846bcfea284304962_JaffaCakes118.jar

  • Size

    120KB

  • MD5

    ddfd5ba555c1ddb846bcfea284304962

  • SHA1

    9e046cf863ee0dee8624c47d9eb3c21d1b9ea4d3

  • SHA256

    ad73f495299becc7d5b604d46e6c04d228ff16a012fdea41f67bf163d015a7ed

  • SHA512

    979e2ea5aed1774b9beebd518e0acb7b56ad4e1fa3f3378e32e0f45f41d930ebf4c90d75d75ba022603ea6232e6410be6fdf134f904d488e852df7f941a2d84f

  • SSDEEP

    3072:wcg3Hek0RcdUBNMAg9TpKq1JVLxw1ghxDg3UPZdeE7GCe65/:jgeRusmAghIq1JVS1YxRPZdRqCfp

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\ddfd5ba555c1ddb846bcfea284304962_JaffaCakes118.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\qdbqpwnlfg.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\tdeljtpvd.txt"
        3⤵
          PID:2912

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\tdeljtpvd.txt
      Filesize

      92KB

      MD5

      72e3da2f8357c43f4fdf82a9479a1c85

      SHA1

      0b3b520fdde7958f9d02e388130ff5f6dc3dc1b2

      SHA256

      b1d480ddc3655879f8639184af5f1e6441660dc37216a8079982046e6e60c6c5

      SHA512

      0892f05ec27661901a01015b3751d7575ecafd5468ab33fb157ceb5072a861a4b0d19cd8d0b8cfc89fadde4cb02a9e2e13d52ffbad35fdd1e728c15a9a8c7bf4

      Download Submit

    • C:\Users\Admin\qdbqpwnlfg.js
      Filesize

      183KB

      MD5

      dbdc17cc3071823c2b75baaf93d4d913

      SHA1

      63dce087a69b02e7e25f2edd369dddda2bf40677

      SHA256

      8dde095f7456f4c6cdbbe14223c189d6b4dc67e05a42eb812956dcd62e8fef28

      SHA512

      e6be87150f05b3ca56e03ffae167f304859cabee4e24a345e3bfb9da07cbad23148b54df533c9912e1c7257997680bf8b4d2819c633a5c4bc1b025232646992a

      Download Submit

    • memory/2400-2-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2400-12-0x0000000001C70000-0x0000000001C71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2400-13-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2912-41-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-27-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-34-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-19-0x0000000002670000-0x00000000028E0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2912-46-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-48-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-57-0x0000000002670000-0x00000000028E0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2912-59-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-60-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-62-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-72-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-105-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download