Overview

overview

10

Static

static

1

JaffaCakes...209.js

windows7-x64

3

JaffaCakes...209.js

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2025 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8123bd619d954166aac39010723b1209.js

  • Size

    182KB

  • MD5

    8123bd619d954166aac39010723b1209

  • SHA1

    6db869ad2f0bd7c8b4f10ef690386c2fd4a6692d

  • SHA256

    688235edd0e908c64655904418de48d9be9abbe7745297c8ac3251d70d553da7

  • SHA512

    e39182a56efa946c0da979695cb6edfcf9656572be0ecffac417e333b9a7c19862c11ef2cd0371aee8e3d8a77a320b24ea3e5a2d4336fcd2916b30ee54b47fd2

  • SSDEEP

    3072:FwAic3rkuUnwzDLyGV03ggxeHxhyEtP2dvOhbDzCUyZcuuzZI5jmeL:FwAd3RUILdVgg1xzEOhDzryljmeL

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8123bd619d954166aac39010723b1209.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\xhhnldmk.txt"
      2⤵
        PID:2656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\xhhnldmk.txt
      Filesize

      92KB

      MD5

      5155453d759e49880d32caa54962acb0

      SHA1

      5f0b3395920fc56a9297866eb32590ff65cf28d2

      SHA256

      28daccdadfd5999b6463f6d1ed0d4da8f369f9d84d9046dd453b1ac78c5b6af5

      SHA512

      f8c97db63f996b5200ce3b1fcdfc26aff03f64714f52f4cf61fed87425347e4642d07e42847a187c2c5c53b8a4cd4c312326664f32ae8f43694ff867f5dd543e

      Download Submit

    • memory/2656-4-0x0000000002450000-0x00000000026C0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2656-12-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-19-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-20-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-26-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-34-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-37-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-39-0x0000000002450000-0x00000000026C0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2656-43-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-44-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-53-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-74-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download