c4ae2eeebdb6b3f1b4482a5c7241c91a9b5b2a9cc8bd82ac58f0d33f6228381a

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe
Size

227KB
MD5

16d173b6046480f5d6cd5289f6f202f2
SHA1

ccdc43710b8b4becf3614714d1d916e2213bba3a
SHA256

c4ae2eeebdb6b3f1b4482a5c7241c91a9b5b2a9cc8bd82ac58f0d33f6228381a
SHA512

db274e2f8d966023e9d85ddbd3ec6aebf4eefcd2dd48db3b64bc4d44fd3226869d2455ac11d3b6a46cdaaa6e1a09a9cf2ae0eac6af0d2ba5bee655a386a75342
SSDEEP

6144:Rp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3Vgv:Rp4wj3t9B7wp+1+w7NSoS3I

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000C30000-0x0000000000CCE000-memory.dmp	upx
behavioral1/memory/2280-44-0x0000000004340000-0x00000000043DE000-memory.dmp	upx
behavioral1/memory/2884-45-0x0000000000C30000-0x0000000000CCE000-memory.dmp	upx
behavioral1/memory/2280-137-0x0000000000C30000-0x0000000000CCE000-memory.dmp	upx
behavioral1/memory/2884-138-0x0000000000C30000-0x0000000000CCE000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\License_ru.rtf	16D173~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	16D173~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	16D173~1.EXE
File created	C:\PROGRA~2\Zona\utils.jar	16D173~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2504	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2504	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2504	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2504	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2884	2280	16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16d173b6046480f5d6cd5289f6f202f2_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2504
- C:\Users\Admin\AppData\Local\Temp\16D173~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\16D173~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
96e40ee7b833fcdbb5d07ef0ecdd67b6

SHA1
d4e06e1ba52b6fc59650f33681841ed6b5540a8b

SHA256
001b0d1704668b8e0c5a511e4b36a059401ee1f994ed9a0a23d5d9ad65eed0fc

SHA512
ee3af5e46a776b9dc9dbaf448a86c871a6a4004adb8e6c51a2a71837fee0bae62dcb1466a3fc3db6b59586ca4a5e74b155b42c86094f325c2353d720d3d8a4fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
35bde970a8a19efcd908ec5f4d2e10a0

SHA1
bca1b28844cb3e88b4040fdf8143dd432d51ce28

SHA256
2017876ee6f9f30f53e8a4666ab8aae47ec0404cf846d4726ca38991fe9282eb

SHA512
49e3b8ed47e492006ff3ba1870aed8fb19797499bee7da3e3bf9f4daac7b60894244cdc6234ec8e94445cb36431047885de71699b94347c1d52a77c5ca88b44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
fa093fed736cc1d2d3d06babd97e89f3

SHA1
37cdf7cc0724598c2a58d10e7ff375f88df7d6f8

SHA256
cc754f3bfbe0aee06dc833e4a3d0532e08f286e7d1b1e8dbb25f5e8b33f2d58b

SHA512
a09a4a16e241622369320374d7fa0c414e511d95fbf51d510534ed64e0044ef0dc0e1e5185c61165ec1da5e414495f15a9dc82a8e7adfc0791706514b698d272

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
d1b119f5622b7d080ae4ad27dc6be4e5

SHA1
2a993225cf19b00ca2fc2aafb1be1844299dae07

SHA256
a8b81da256224844abd1b5180fef3f441325190221749125c4b184557878bd90

SHA512
3d41f25a9bf24071b45fee6ddd8ad0906abfe76d4ae7c034fe38881b3e5bdd993569e06d801149a0fe8a8286205925afd9572b66f6412b60956dfaa5ecc9a2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
367ea52527e90a999040ffac0eacfb24

SHA1
ba79eacbe1abb1d11df3f9a4e94ef04ff4d9b47b

SHA256
4fb8a051f911b725a76533198981f7b67aeb40955fa498327e3862b6a6742e91

SHA512
f6b47a3b6c4f168660d3e72c16e11ff92b3d0e5e0aba0de3f6b1e7e2d7511b519e26a995f9c173a68bb0e9d278a6b1b1805a3482781b69aa91f0717b296b30f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
e5e48ccd2bf919df03b75bb71f70459e

SHA1
8fa6b474ba9f4e334da9f5fdfddc257a4022bf56

SHA256
d7972056acd076739790a9c764e588537e47371c36493bb497b84fc09acf11a2

SHA512
c6129ca0b98839269eec87c567c721d3aa70fb747d43deceaccb6b981e9bd0c49b23883cf05026d75087089f0d6bde0b74f3eac0387b36db6d9e2761af775e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
7674550533b2f457f2ec937b1dcb1cac

SHA1
c335cd277dece6a5b62460c527e170488e8e8860

SHA256
88b5ef5b8ea88b52962f391ce80cf11abffb1a821a4d86401b767d664af0b912

SHA512
d36ccdd8d43e3d3bf04d3f1883169470b4a68779b42feddc6ce3875b55b0ad598045f69568e0b15334d651cf31c90c71bb19c7ee0b3b720a195f97e87cdd43f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
57417559206e998422e8a4c5138b1ad4

SHA1
c788eb2f9270dd5a92a72101611540035fb4db16

SHA256
5666b49dfa3a3b84741a1e2c06c6067966d3964284d76421433242270346c65c

SHA512
fbf0e7293793984ff176864f35480c257ab1a3f1d6eba2cd10b8d6111f0fa6c0eab3b4d3c735571a7b88dd3987b5cd5feefda46c9bc387821774533f4dabd893

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
41e44b5d271e6681af0c9fdb3940d574

SHA1
1271b725f562fc93adb095d037baa70c3dfd43a6

SHA256
1247db5d878bb565a6a8f5eddb676bea0a9458118ef3535644d2e296f98f1ea9

SHA512
ca8ddb5938b15afe63a85ac52bb70d226f7d00da996517a42876734ef1602a2b28420ff75a3cfdef41ec64cd133d7e491afadc1b0428accfd31334dc1f0dcde9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
fe85b433ff77c41675624fad431933f5

SHA1
6c4fb2051126291f92a34a3442c09fbdc5a27599

SHA256
3cd6b87a1dc3bfb2c0f1159d49d4ec529c0758d5fe0ccffea2ba6a82662d5447

SHA512
582ba2748dbd77d9e1710f90d68bd500b0a19622ed4a3414d058920c77871404f1bfc3d223ddc8ecea6da2e9393f10e1d46128c1b161a27810e7bebfcf85c21b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
5f99ebbcf02ea548ec94172b4e2177f5

SHA1
667df0f50458fc6901c2c46296627141d9baf944

SHA256
7920d0c2f6d39a7c4f16712182924d8e324d49eb5b271f0c71fa7c976fa9fad3

SHA512
1ad98e9182cd18126311835228cef9686586d65370115849ee2c0e5952742630b4acd6170dbb4f5c650ba1cc9137747e8b35901572a50a4fb8b17e8defc128fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
f782f0b4ffb069d2e402d59b0cdec299

SHA1
49e3c055f6df53b37f4c5518cc1451032195df57

SHA256
7cb4b46be4de88835247d4353f1b11049f2c584e02c8303a9a31927b88cf33a4

SHA512
1659cf104ff1a224e7716014cefb19eb964e7b7847dd700315c86f0872330c2941dd381bc4b9e01c593c814a68d0963acc6f75805ef5473ec23ed2c27f6e905d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
d95f4b8a89bfe6e29c4df90cd8008082

SHA1
666733885f35cc71c1279cf2fe8a77c47b1bdffe

SHA256
3bc202abde024d929f8c302133ba00a6fd911352e504d64b89eb1ec9c27c22f6

SHA512
b771b983e925882245a27cd4830e5a9b98bb3454607d97f2ed2df150d92754cb4fadb8b9ef6242e16da29387477ebd43cba09dd7977de56f820b2efda869161b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
de90932b633a20ae79770dc778bc2048

SHA1
278c76f690849bc6863ee6e435b9b005d9832806

SHA256
95ce9c340828a42349a83bf714c2bf05969cd6c73bc04f7c5b0b0031b983fc0a

SHA512
b99741a59fecf7d224bf50dad5c54f1c4b2d435414c872e74d62af354333fd31f2c0a2401bf8bc2d6760d366db12cf97b710fdc9d083b7a2b8a4ab02293be5ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
439db03ab342e1e8143839eaf8fb173c

SHA1
4580fdd2eae710f10378913f2be5c82d9882153a

SHA256
47473890bff44d7138ffabdb519b2bc1d2f708a1feeddaaad4f95872c56b9bc8

SHA512
59d7401d509824921e20b0d80dacb0abe58a9df3121a28029dc0384a18c4dbc14c889059d6577a15e334f956c922c695565b0f39dd30bf92256b914ed33ffd48

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
fad55bfb4ed69b04e73ac86723336a05

SHA1
b3022b65ed4b24ce0732be513515aa4347e92cbe

SHA256
cd9e50cb916268f69125c26a29cbfd36c0d743b248e955a5f36169fabe287fa0

SHA512
dbb368f72d3fa698a4df81d0718284e935c9e2a11035d7e85bd4351dd24b57672e4af2a100578038b0bdee35f8d3e32e7b5cad2e818fde8c08ffe9b1dcfe776a

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133593712817144000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2280-0-0x0000000000C30000-0x0000000000CCE000-memory.dmp

Filesize
632KB

Download
memory/2280-137-0x0000000000C30000-0x0000000000CCE000-memory.dmp

Filesize
632KB

Download
memory/2280-44-0x0000000004340000-0x00000000043DE000-memory.dmp

Filesize
632KB

Download
memory/2280-206-0x0000000004340000-0x00000000043DE000-memory.dmp

Filesize
632KB

Download
memory/2884-138-0x0000000000C30000-0x0000000000CCE000-memory.dmp

Filesize
632KB

Download
memory/2884-45-0x0000000000C30000-0x0000000000CCE000-memory.dmp

Filesize
632KB

Download