Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-05-2024 09:07

General

  • Target

    40664b52e67d7256a282d947ea85fe2d_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    40664b52e67d7256a282d947ea85fe2d

  • SHA1

    3f92b30e065cfa7bd22fe663d80f727bd6fdebad

  • SHA256

    21797e18dd8010b1f0140b5673ffe9e97a954246a866653a82102ed0b5404d94

  • SHA512

    71c5a0e26c1ae74be1a7201d942c2ffcb11433375ddb470fd7035680c1556807259256c5d3f9df40363a0fc137cf528ffb28c111a859595218cd801e0119605c

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/PF:AEwVs+0jNDY1qi/ql

Malware Config

Signatures

  • Detected Microsoft Outlook phishing page
  • Executes dropped EXE (1 IoC)
  • UPX packed file (25 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\40664b52e67d7256a282d947ea85fe2d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\40664b52e67d7256a282d947ea85fe2d_JaffaCakes118.exe"
    PID:3140
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    • C:\Windows\services.exe (child of PID 3140)
      "C:\Windows\services.exe"
      PID:3040
      • Executes dropped EXE
      • Adds Run key to start application

Network

MITRE ATT&CK Enterprise v15

Downloads
