ca3fc82f9e68de0c08bb1195161f20e0b7ffe7177563f072d93ec40c88c96e2a

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe
Size

40KB
MD5

0b3a99041c6f87cd214aaca8fc9ced36
SHA1

540e931f8bbcba2a8d37c6b74b4a690d43f117d5
SHA256

ca3fc82f9e68de0c08bb1195161f20e0b7ffe7177563f072d93ec40c88c96e2a
SHA512

097684023fa16557c9005eeccd9ae74101081d72a1b9df8b84aaa8a9e0159f7413240c31ee4fa32717c2cadf597cdfc7937624d48d257e10653b5f09550c064c
SSDEEP

768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHgqUE:aqk/Zdic/qjh8w19JDH9UE

Score

10^/10

google persistence phishing upx

Malware Config

Signatures

Detected google phishing page
phishing google

Executes dropped EXE 1 IoCs

pid	Process
1284	services.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023275-4.dat	upx
behavioral2/memory/1284-5-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-13-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-17-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-22-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-164-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-237-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-240-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-244-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-305-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-308-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-320-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-385-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1284-512-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe
File opened for modification	C:\Windows\java.exe	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe
File created	C:\Windows\java.exe	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1284	2212	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe	91
PID 2212 wrote to memory of 1284	2212	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe	91
PID 2212 wrote to memory of 1284	2212	0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0b3a99041c6f87cd214aaca8fc9ced36_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\search[4].htm

Filesize
152KB

MD5
c78c442f929b5ab9121bba6a47717190

SHA1
a6fe12ad4a60d5caba42dddcdacf17c27a3ff0b4

SHA256
73fdb48f7334d3c95524e41fca2080b7b728a9006589b63b13a7beb0c1190e01

SHA512
e29a3240f7cfdf82586f8e7b475832e7aca04f364fd29674cdacd9a8d4d659ad32fcd5b53ead24e7eec87c6f978fe133f40038cd85a969369f670bd64674bfc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\search[7].htm

Filesize
144KB

MD5
54affcc56ce7a466aaaf7e532edd3ad9

SHA1
c1a26a79f5dd353621f16f30aa430e32e66e10fd

SHA256
3b23f8bd0657e00fccf5dfe2d2827f625317e0dab7500f5a5d526a3f3e1f098e

SHA512
74931a4b2367c2b948e6e4342b89bce41a359759706b7d3b06b9d73b14d07e0c63f8ce1ec80e4ba99c78c43db0a17fdb4a1090bc41bc8b938e80bee8caca4eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\search[9].htm

Filesize
167KB

MD5
b6d5c8462701e657c4d137d4a735209b

SHA1
b622d7ec006787f40fdac17963699832e15877d5

SHA256
037eba37ba47d54c8397ad180ec5045947634f538e125257446822c4a9f8fcc6

SHA512
244cff6e33f7c772dd5e482014fa8d9f74458d9bfb9982ad42d3fbfcf789406c1668e58a2c1003d3123c05db7becb8470ba5b69f5ee853c0a4373d059a5455b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\0NJE06CE.htm

Filesize
175KB

MD5
79103a7745496be1de5702a1fac79f6d

SHA1
e29eaf3d263e7b9db586d6cadae8e0c34e26ff3c

SHA256
cc08e4d354816416db5fba58671fef09a9fc36ee08870d008a1f3ec2085353fa

SHA512
1238ffc03d479b736464d9c3f561d4d65e458cabf1e79f718444a5ca68047cf2cc8aa790d5cb9bf88bd2c9e8b893f3e3d633d2f36592ad91ae5fb79d05dec233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\results[3].htm

Filesize
1KB

MD5
211da0345fa466aa8dbde830c83c19f8

SHA1
779ece4d54a099274b2814a9780000ba49af1b81

SHA256
aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

SHA512
37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search6XLRKSM0.htm

Filesize
163KB

MD5
78e4ff6946444874d2e98cb904ee13e8

SHA1
1123f0212f85781392021f2f930ea7780ae3cd15

SHA256
e8ddec44ce41116078bd5a38f6a405fa5d5956999d46917c864574b4415462ac

SHA512
46b64271afb1761e9d2802f69049b71886eadfc8e203d76f0423f26ecee509ed6e99bdea0b403d67edfed034814c57919a9d4e1d9c28fb9cf587bac7d2e1d595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\searchN35F24KB.htm

Filesize
112KB

MD5
fda900ce878674c09e21214d13e83624

SHA1
6e3d66e8293621c762bc8ef43e9c542674df178d

SHA256
488d8df3f7a68f0051c768fb33362ddc8db1fb6a4dc6e5d8104b344ae8b239f0

SHA512
16755f2e65a50ae184018111ad4b45648fd28c45c2cd0ad3dbc7efa9e910e0e09916732c0a06facef3de1d322e89ea39de399f09f58c9142b6287860eb38c158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchTM6QN0AM.htm

Filesize
140KB

MD5
556cd0254f09deb15bcdd8de11504d7f

SHA1
396a9d04eb8376ffd7a1a2fe1309dde1fe49df87

SHA256
b428c1a11f4e4861fc31964212516a9977dc37b1ed968b3eca7011c2b5d669e9

SHA512
8e196e0404649ba0801b9219f3a4e7b438f950c9c982644b971550edc94960ef89def77f86d4672ceb2a5debd8aef6858b23404cc17f5a13bf7ba0b692191fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchWGER3DXX.htm

Filesize
156KB

MD5
6319460cb837eea950e7811df30f392b

SHA1
4f69ec3bec5a4247f8beebd89d29773cf0936700

SHA256
fbc75f6d3bfce7c4d29e920350a4ea83895bca54b1d84b64bfeca43552314a58

SHA512
c2ba13027b20f0650f461598d61b5c93cde43b2f475f3e2dc16b5f398fdadacebb78b24cbe3d2edd2c76a381f1b7d001dd02d4c0b38a0244aa8d4e86ed5a9d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[3].htm

Filesize
118KB

MD5
94096dbec31c47d6ada6cd48c288fd4e

SHA1
43752d5c0ab95072b6e6fd8c062ec9f7c9a38cbc

SHA256
2b1654c93ced19fdd5d82a8678ffbb7c7a6cd58e64ea3e5ba532dcf8b1e5c58b

SHA512
b6f4cb91178255ecc9b282d93d2621309cdb7453a1983b2b47cc178b9a8823fbd97762526f5dbcc5a188f3e24ce77e4da6b07dade5cd7508c6f07ae1b98a5300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[4].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[8].htm

Filesize
122KB

MD5
d347e9617895726b8faef49d0ac6c288

SHA1
e38a0e87238eeb40b105ca5d5a3178a28ec62471

SHA256
2c1135df68795fa30d369e97bab4acd28b08765bc064c882e7befd5a9dce3aac

SHA512
52147466967856fdb6473e8e48d525e71adece5d10c5ce78e5d8dfbad6988e28f2dc5c3997ba74cad15f2e268572c7fe2f917422f99618ee71c6432085bd0953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search15O6X5Z6.htm

Filesize
104KB

MD5
4a381247cb628d1a7e317d3af3f4fc57

SHA1
c969642f7d16df9924cb3a0e6e43e5178071d6f7

SHA256
d7df7f285be44cf7c6847c0b7096ed1a73cd4b29f1e400996dda342110197292

SHA512
3ed40bde6ba127b4b4008a6003eaa6f0dff8e1dedbf9dd19a8c63a601b877431ab19374d823ee19373e06ab28e1006ef4a2498f30c94c5c2880c8d8b11d240b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE0D8.tmp

Filesize
40KB

MD5
509856261ea599fe69ae55a9fc73754f

SHA1
6f3fec122f632423549e72ab2f01c3e904a024d8

SHA256
7aa3551e48f4aa5b0cefc9405fc278dbf4ed22b896a646094c009b0d1ee96ae6

SHA512
a72496baf845fe81a8c4b26e9e66adc7ed66d634e2cbc4aaeffcc11550941a270d5d8b533cc1be5c1d14c0e3bfa62feb988243aef09bbab7b7d777f13aa3da6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
859ca3622bfa38b619393941888bae40

SHA1
6b8223878a8d82cd126b8f74ada5a9e3e69d04f4

SHA256
a579a53f71a1dc6832a93a527deac2568b01891c2a35d09d47a871a175f807b1

SHA512
81883062841f2d10338c2baaef9e6bcf384274a3164dbe2db84e8bdfa65835a22a645c44d5c8974c5623a3895327367232cdde3ec3651ca7371cbe003dff4cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
e1e8f724358c724fa8d99ddeb6190794

SHA1
670decfbdb11ca5045f063352da0d3e56092f696

SHA256
44f8867d30f6b3afda4454e2debd0d01dbf2daa75172742acb4d24cb4242bd8c

SHA512
ce162fcb2c7dbbe9e10436b7379c286e954c80ce19ffe3cbff5bc439483729a8b4fe88ef97a41e0843d6a011c6b1a17fcd63914c0cc93c2f9a4ffefd5a0c1283

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
83300fcb4c68e18591b7605fa96b1be3

SHA1
abf9c22b901ca750cc176311f1372cab0de58fac

SHA256
ef40f3ac91332b692edbd59bbf16881d43191ca610bef05078c5ddf526bbc2be

SHA512
d9f08b8721cf89397f32318e8c2ceec99d93b0ba1a069614fb6c3f228776e1579a10871579d874658cd3bc2585ff989ad230648eb46c8a9741d714e40dce20ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
ab96bd447af9e50709392d3dfe6112d4

SHA1
1e9ae47fcf0cd3211369d5e927bffa20ddfe33af

SHA256
444ff5e51357f075ab863c02f3047687ff6d5238dbbc3788089a13fc92fdb3af

SHA512
110989d3eb06ccf8e1ac09c2a111475ccdee48c34ff209ea511d7e115725c792aed2be73d26760a8f3b48b55a663680b55530e4713c01ad0075dbcbfab5a1d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
3065e29fc3399d008ab04fee849e128e

SHA1
c2d11f78f5736fb6b0e81c3e46135dd440bc167b

SHA256
f4484d6f98c4e6e710bec3d7cd9339eeea6106572e01bbacccca04ac5a0b1e00

SHA512
eaba4817e03a8bf4c27ec65116af51b8556e4582153c794f1d2e97fc9bc7c9e082b52f74eaeab6507c0ad54978af02e28cbca45fa6f76a7dceb108540ea1b336

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/1284-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-13-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-305-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-308-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-512-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-320-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-22-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-385-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-17-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-237-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-164-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-244-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-5-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1284-240-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2212-0-0x0000000000500000-0x000000000050D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads