06c0cd3392a713aad60453ee6babc22639691c439cb0df1a21295b90afbb46b2

Analysis

max time kernel
141s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe
Size

252KB
MD5

12c34865642d3b8614d68accbc5bbd5d
SHA1

f370fc38a60e8df6f0a5de2b649abedb2f177078
SHA256

06c0cd3392a713aad60453ee6babc22639691c439cb0df1a21295b90afbb46b2
SHA512

4b93a5c0c5e41ea2c81bf838e14354b3ea787a5b9f36c8abd5fa8bd193a7e92e2de6d72d8f21e827adbfdfde322524edc5ebde3468761cd52e8472a9a0d4f495
SSDEEP

3072:jnDtr3TdcvaURtwYu1TKI9S7v8RQ/M1GdhuDg+pmulCa6IW1NT/G/+YSoutyV0UM:nwu1r6vRzutc3bHzS+YSoSyVFM

Score

7^/10

upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4848-0-0x00000000004D0000-0x000000000056E000-memory.dmp	upx
behavioral2/memory/4848-105-0x00000000004D0000-0x000000000056E000-memory.dmp	upx
behavioral2/memory/5076-115-0x00000000004D0000-0x000000000056E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe
File created	C:\PROGRA~2\Zona\License_ru.rtf	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe
File created	C:\PROGRA~2\Zona\License_uk.rtf	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe
File created	C:\PROGRA~2\Zona\License_en.rtf	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4892	4848	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe	83
PID 4848 wrote to memory of 4892	4848	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe	83
PID 4848 wrote to memory of 4892	4848	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe	83
PID 4848 wrote to memory of 5076	4848	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe	86
PID 4848 wrote to memory of 5076	4848	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe	86
PID 4848 wrote to memory of 5076	4848	12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:4892
- C:\Users\Admin\AppData\Local\Temp\12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\12c34865642d3b8614d68accbc5bbd5d_JaffaCakes118.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
d48ad3d8538965383621c5d2201f75d3

SHA1
0ebfdd037179c8518da39f7d4bf77c758a007cae

SHA256
29a365ad4d2c5185c522a6bbf2b1db74fc01f862f1cdfd25bcddedd7e79e1d6e

SHA512
ce1f00355ce1a45dbaafbedcb497e260b1e62fa212f416d9a08fbc46a9c54b7755d26ffc54c017d2b7b98be8b7dd795c8fe89d597da6d7e505ce1af43645a5cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
1ff7b768e6799ba6cc47b78f5c265130

SHA1
d36dae938dccadad2f95ad6742b7714dc5450d8b

SHA256
0738633b95b3f9169d9dc1b61642e6212a8cb7a4d64d6a14fbdd4803115b52a9

SHA512
6b81afe47e9326787060429d1dfcd1866d468704ae7e68e06fa3df9fd6e9fc2295e86e9de0ee8902359e064ccded02a00483deb9e0811e2f51f07c71c6a050eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
d678827184be0518f6e75384be44bb78

SHA1
97dae3812a50940ff14f2c1b9f6ccf4e50c5027f

SHA256
cef03b9bf067c0d83eaaaffc57754aa10e0caad317e7b9d7fa52378b5187dafb

SHA512
1b15bb53d114f3de2c1e1e8fd67e195311a7a18c6912d9e6ec32e0340669fdd9894ce3b0f6247e5572e35de873788bcdb60219436b29d3b811059bb44723163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
c152658ca0c651d450cd85c09683c5ad

SHA1
2a003f2099b2e0715be4a04c2eefde99b36d4850

SHA256
0d60074c67f3529528ccd0144fadca156f51373377b79708b6516e6b716aee80

SHA512
50a16d842350ab7c1610667b695178665d620039b51e225d5dbcfde91637312f977162ea1395ffcb471a9c213ed0c9e6040716327579dc27cb76d159aecde000

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
07df4eee62b1e859d2b028fbd743a022

SHA1
ea3bcecf7abdf7a212337157c26638ec4331a866

SHA256
d3695ee0f3a8ae4237be518b156e12aa73037ecb195e9697ff9b087e7d992eed

SHA512
4ad3799ea1304d95e3eba27106a18d6e869b2eccc703a7dd91fc28faeb1c7fda89485340031436ad48d68a51f2728142312b2123c9fdc63b780f333c2b799b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
14KB

MD5
ef826f5d5adde903e379908f3186d306

SHA1
35f2086452685b342574e6a5ab5568f847e2f120

SHA256
12452c8168d43658fdaf8601b474b8d81bd52f34055bf1d3d6377c94a391c231

SHA512
8c79ae7970645c3d908e80de3e4ec1aa6c8c3f52c119dd3b11e3a468c585fb3a7c058db6410230a3fd75a90ea7d6b4d534a8e84287b75230b09ff33c88b002b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
15KB

MD5
fe0f80f0a954c3296b7571b26f15976c

SHA1
460c54f51f2956734f6c065ed3ace43619937936

SHA256
2ceba7117876cc977bfd347d093e5a72b0e96e9451621cbecf2581db84423771

SHA512
747c0e36839e3cd61ccc99796dadd2ffae462da300adc45c3acb1da2cadc6bb4f39db224c55b900d06302ef9335d651614180ccb6390e2dad1e29bc827c781d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
16KB

MD5
253b28e0f3b104ae1457de480ef84586

SHA1
a8dcf01cd32bf9808212094aa6269ae09c1f2bea

SHA256
784123205598b2ddb7a2eed40dd486c80a5673a9c7f1771a40779eeeac2051c5

SHA512
03a372a081842a41c37509ea6f12b30b2f01d09728ff956fd5b0625c4e50cee0133b3ae06e50a4171d11b92429cabe13eb69093fe18cca8370594da357bdb344

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
17KB

MD5
dfa9e60e1f9cdbdc08f074a9df9cfb7a

SHA1
1b9d96265d4d03732ae94d752165b88b8d0482f9

SHA256
a19d4748c87f0d2308b6d649fe60b8f6b7c6b9a19190dd58b85d2ec870e86d5e

SHA512
47b50523ce85ce8bf891b1b9bc568e69ca2a300e3efbd070931459380a82551b693e3b875586b1b65accdf493ade620c1673fe8c54feddc3072a90a5f4303680

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
f748cee82fd9cb3d9c74178d621ebe2b

SHA1
0c1f75bf4b2f803c2c8185527846f75305d10abc

SHA256
3d37da7767d34e7e67392498d549bfe6ec9b1a327b7efb20382a3e505649d2bb

SHA512
69eac4603c1fd057c209866eda334436e2019a0a6061a3125fb2139af64d4bc9b113465fb7916cd6057a07432ceca6d90a9b6da8bfe349eecf461ecfe710676b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
a8d0641f823d27b3b9dd89db0765cba3

SHA1
db23dff835f9f3f63b528e72f76c8a8dd2b7837b

SHA256
f1349b1604d6f7d500485833ef3b58f185f33b0962405ac8fe40c950959673a8

SHA512
4987378954bb43b11fead92b0b96b5a8c4af084021d8df552fc34e59b04e6a1f6103ecd7f25a196b194532e3512f448035c09cc1adaf42446e88c508d60b4da0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
3c85a0de571004af196c0b7a3e992c8e

SHA1
f80c17606475c26cc30152c89be14115d77808dd

SHA256
6d29374aa2234f64ce21ec595e6af0b19c0134725f5b96184f4248b305f06dea

SHA512
b9ed9e6502a6ad7e7454ef91155fe907f51d2df00d2896620ef355e0d2f5f4b25a2bae7ab45455916604fffcf79d0ecb3290a404a16d24b03e96bd2d30d90d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
0af397f883a8c3d5100f8937f798e547

SHA1
0e33e6bd9d23714d6e8866da01fcdb2be45ad80c

SHA256
1b36ae66673d61fa93dd14de0ca917d15f3ac8541275b46a2fbfe9c6c14350f7

SHA512
729643436e1dcca4d18d893077671c310ec7986422ef8a733390687f65068db56bcc6ba6878c3ac2aacbd4df44f354b7ce695cdce15323785b877f7129411537

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
d64c2d6933f4f8d31c7fc450135ab1ed

SHA1
0c324beb1aa395b4a32784a99c32e7f0855cc16c

SHA256
954b442939a37af3c66a392dbc73335ac06fa3f2f5f22bea013815b50fc30835

SHA512
27a2305ac681773fe84a80a0d647f28648a79414daaf7c7f3814785393f6090bceb68a2dd09312de9e14efcca1b712c4c892d3743b235da272cc4b260fc93206

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
memory/4848-105-0x00000000004D0000-0x000000000056E000-memory.dmp

Filesize
632KB

Download
memory/4848-0-0x00000000004D0000-0x000000000056E000-memory.dmp

Filesize
632KB

Download
memory/5076-115-0x00000000004D0000-0x000000000056E000-memory.dmp

Filesize
632KB

Download