Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-05-2024 16:24

General

  • Target

    138a1335180409c666db663d40b5c132_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    138a1335180409c666db663d40b5c132

  • SHA1

    4bd93903e0e2636e7ba087e1d84a078c87187db5

  • SHA256

    791bf93cfa3042bb68c2fb39239ec170db06f40af15a1c1adafe6720c3d3b730

  • SHA512

    92bcded5e793374efadfc2d1e2ed65aec9b8f6a7b294f2910364c6542c6be1f6d4df46af2febd0073a491a5d0b682c8acd957e06e14b21dac43099fae7566282

  • SSDEEP

    768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHeh:aqk/Zdic/qjh8w19JDHq

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\138a1335180409c666db663d40b5c132_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\138a1335180409c666db663d40b5c132_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6WJSJ70T\2W9S3I9O.htm

    Filesize

    175KB

    MD5

    60ed6f81026159886bf2b18132cd9b11

    SHA1

    5e44aa933c342be4597a891026d48d0881b544ba

    SHA256

    2d8356b680764e1c1f85d8676189ce694e01486edec80bdd7ded6e81d9b7c64b

    SHA512

    ced6b8f72692103c1dd2b817143ba586bde1f7dee425222032f10a7f88b008e27327dad6135e9cea7cf1efe6a091d4988cff1bf8f5fd8ae996a7f5963c7010d0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6WJSJ70T\WGYTHMV1.htm

    Filesize

    175KB

    MD5

    219fd481b1aa2646b200cd00d527da69

    SHA1

    fcc926f93686774bd4eab32a06499ecdd360a392

    SHA256

    97f867fc39a1f42de53b83ad2b703487ed7c5541b1551f2196de293b2ab0b0d7

    SHA512

    8327b20c13854f9d05648214fb31361ac64eab00d52eb85865303cf7a0ec5f40c223084b204a6ae82a86102ebce5dd5799eb59184dd34d1e720fc5925c494d1c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6WJSJ70T\search[5].htm

    Filesize

    163KB

    MD5

    4a3726ad5a1150ffe1f48973cff94738

    SHA1

    503ffa562c835630cf15e524824fb21068284830

    SHA256

    e2f88e2ac226ba38f03e98ce83f994fd5d3f752c2f590ba275dfe4bae207b23d

    SHA512

    cb48feaff3a7c756ee6b314f19bcd50ba4bea9d9a554ccbf26ce98f124dfe42c253d7f92a983df5f21b9e175ba7dc1cfaa6deef61061a36fda5d03a7c8079044

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GHECI205\default[3].htm

    Filesize

    304B

    MD5

    6b54f5f065c6b30df33cab58ffb07dc0

    SHA1

    ffd007ab5083d69cf84ea25fa88dcadf6831ef30

    SHA256

    8a051a90af376c0d7688fdda4ba987ccffd26b75551e0558cec0cfe029a758a4

    SHA512

    949cb3e10170c744a8e465fc0031f6f4f7f9098848cfd4b73192cda67265a7799e35efa8bd3db5c3a162941dca724dabd983e8d1ad8b058a55dfaace5659e81c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GHECI205\results[4].htm

    Filesize

    1KB

    MD5

    211da0345fa466aa8dbde830c83c19f8

    SHA1

    779ece4d54a099274b2814a9780000ba49af1b81

    SHA256

    aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

    SHA512

    37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GHECI205\search[7].htm

    Filesize

    103KB

    MD5

    5f8897c2dfdfaf90c34d0b7c941b98f3

    SHA1

    125bad20e33a039c5e49be9fc7ea5dd4bdedc907

    SHA256

    d9201ddf71b3f9baf36afdc171a90853e1a3dd8c00e063725ebb60284a8928f9

    SHA512

    e6fbecf60b7e3b1eb9d63ec3eb09008a5dd74f2fb041761138036bd4959fb2cda018537e60f3e6eaaa11be531f385ddfb6662601a093d3cdbe666b47351d424d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GHECI205\search[8].htm

    Filesize

    158KB

    MD5

    5e8f7fd3808d7fc13eab68e90c70ded5

    SHA1

    981ffebf984c7d8cf85259e574cfcd9363dd283e

    SHA256

    17c16e966961cbe1bc5a178e6eab4be0d8d0656f9e01cf3245c94871d0f617cb

    SHA512

    963ae089c88bad1454d0054f24e8917f8757fb00635da7539a3a1e36ecf9b928117e293a12aa95d863d61207e91d918648908ef2fe5254c8bb54288cfd7582ff

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VQ4FFWVS\default[4].htm

    Filesize

    315B

    MD5

    14b82aec966e8e370a28053db081f4e9

    SHA1

    a0f30ebbdb4c69947d3bd41fa63ec4929dddd649

    SHA256

    202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf

    SHA512

    ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VQ4FFWVS\results[7].htm

    Filesize

    1KB

    MD5

    35a826c9d92a048812533924ecc2d036

    SHA1

    cc2d0c7849ea5f36532958d31a823e95de787d93

    SHA256

    0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea

    SHA512

    fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VQ4FFWVS\searchIV2G9R13.htm

    Filesize

    97KB

    MD5

    9551e043e5b31b9972bb77cce476e371

    SHA1

    a54843ccb57b185c147c7389c80c6bff0f4133d2

    SHA256

    8d141b9b2fdc536894e3eb05bc5b3028535df96a8e140d57fcd70dd93051da19

    SHA512

    783405e4a3c7dac48f27f22f4f3ac8249fa771fd0ff4e409bc32111e21c016b041bff57bd151e13a580576fcd2439eb7a5ac6ea9b3ca657eca6080590bd57893

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VQ4FFWVS\search[2].htm

    Filesize

    120KB

    MD5

    7d81b0048d0f5d24b7236a85d1af6eb2

    SHA1

    3c6ce8798599b3320d8447bbd4692a9026a2bc07

    SHA256

    2ddf19640260698723d2679aae7ba1e4101c42a72eed2f066f787cb9d1beedd0

    SHA512

    097da391de9e74060a39be6d25257db0ac6cd49deade66654c847e54f73cdaabfaddbd9a4f7f2d72f6934ceca288fdb3dc146dae08a57c0459908a5b29116e0f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VQ4FFWVS\search[3].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VQ4FFWVS\search[4].htm

    Filesize

    143KB

    MD5

    41c9fc52486d4ba3f3098e505dc6c92b

    SHA1

    aedf890d30ec3a70c61846d1f9da6ac93c92fb49

    SHA256

    10383b44d4554274d8894e3bae4a7259ec664265bc9c69cfc72500edca54e4ed

    SHA512

    0c00f9319ba66449c3065711e07ae176ec4bfbb6374b3c4f77c79ac494295cdd1dfc2f43c3da7d7013f52c7b4621bf4329c1a29f803c54e79cfd88c66dd29ec7

  • C:\Users\Admin\AppData\Local\Temp\tmp2381.tmp

    Filesize

    40KB

    MD5

    5914521b5612157aa78f42412780698f

    SHA1

    608ce44202258354520e6ab41435b1bae9f3f2bd

    SHA256

    7720cfe1787d2b6c4161c50898ecf7bf1b029417baf71f1fc5bf9446c8477a4f

    SHA512

    11fe7282f0613a22c425ee230a1118beb2a555c2b48864bc7b7335906f7eeff54985774a8deb89a44b1cd0eeb6aa8ebffd18b86bd70f549960c30909cc4edf75

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    a3946f8beadadb6650dcfdd6b84367db

    SHA1

    3c1a92e543b125a7f9af0082c18c3421fd996c37

    SHA256

    865bdab10316c7afe60f1841ea971f9a1d2c84ec9db6836cb5e07da5c9d53af2

    SHA512

    5d12a8f095fd58a56a73b2e51ae2db0bad374a290a4df099a7385569574524dc31fc8dba0a91a9ecd11271da96aa7382dc4a63b55ce4e975039e70180936ca65

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    a039058c27315c903a8ef51ef7154069

    SHA1

    9f8fb24f1889b180c152cef0e50551fdbe1decfd

    SHA256

    1cd7c4e37e4d7c9876aac03d67809abe6fa9a42b8222d8c9d8c660d47273bfbe

    SHA512

    25e813c9d5a4619f6ab84a6707b2076312e78ed19324fcf44d920bc1e5335bdce16384d3e6b764c1f2480d7d2e5a8d8c8e46068a38f6644688f5021b5f0300eb

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    b620c83508a8ce92d429d6fd5f9621ac

    SHA1

    b01d4ac940d4521b0b290c39b37f48b32bc8c6a1

    SHA256

    6f6aec70ea0ae15e9c4b450b67e9ee721d0a3d85382a5bc8c6c5fe4fea10f308

    SHA512

    1b8fbe0442d07183b9bb454ca221b45a4d4a80619a668793d5c698f36a08644f278a73e06955476cac832b692fee707c0f0bfd7a871b2ef8bd46d009f3d8ef4b

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    286fdfdae6a46661f6eb5b70657609fb

    SHA1

    ce17c13ee4ced644b19fdeb2cf965460abb75a2f

    SHA256

    5b0661cf9d0026647b007ac2773459291bba275f7b777015e2ac010524d6c09b

    SHA512

    a0cf6bb3344611d16bd4885b1aecb3b28c97a97312ce2d19c3b0ed54ee7f0a25ac6de425f1ae28aa7652f0b084ea1ece8237bf41535536fd36054f3dbd0f52b7

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    2c0c5c59a43338c3e8ebf5647ca18c62

    SHA1

    30794ce0cb0522492571ac89bc5b5fd1ed8bb697

    SHA256

    ecd9fa827cd2fc8dd1132cef631d064f991b5440abad6fe0b6b1b57f14d43d05

    SHA512

    117e2defe442836ec3245faec010cd77fd32273b0be16ade106f9dd7f698cdfb38aeb1d3bf6b6f67a29ffb80f66cf4798059e9589d833a2e9de28d8990773fb6

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2764-0-0x0000000000500000-0x000000000050D000-memory.dmp

    Filesize

    52KB

  • memory/3420-13-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-137-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-22-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-374-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-248-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-224-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-7-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-233-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-229-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-540-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-541-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3420-544-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB