bb992169cca5d87708f687c762b6d617c722784abb9a1e00674c28a20255faed

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe
Size

227KB
MD5

222cc5f4cb248f54e2a7b4536a890868
SHA1

567b687e8e29afa61c519bb60acb5be8989cfa6b
SHA256

bb992169cca5d87708f687c762b6d617c722784abb9a1e00674c28a20255faed
SHA512

71de41903af25871a6e8dc07cd3f3c2456f401078381921e2cec46cfbb1812de7bf5ecd68e86c2498de857d3375760e9e247c1cb2c81f4589a8685101bca928d
SSDEEP

6144:cp4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3Vm/:cp4wj3t9B7wp+1+w7NSoS3q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/844-0-0x0000000000960000-0x00000000009FE000-memory.dmp	upx
behavioral1/memory/844-43-0x0000000003EC0000-0x0000000003F5E000-memory.dmp	upx
behavioral1/memory/2448-45-0x0000000000960000-0x00000000009FE000-memory.dmp	upx
behavioral1/memory/844-140-0x0000000000960000-0x00000000009FE000-memory.dmp	upx
behavioral1/memory/2448-141-0x0000000000960000-0x00000000009FE000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\utils.jar	222CC5~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	222CC5~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	222CC5~1.EXE
File created	C:\PROGRA~2\Zona\License_en.rtf	222CC5~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2588	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	28
PID 844 wrote to memory of 2588	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	28
PID 844 wrote to memory of 2588	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	28
PID 844 wrote to memory of 2588	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	28
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31
PID 844 wrote to memory of 2448	844	222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\222cc5f4cb248f54e2a7b4536a890868_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2588
- C:\Users\Admin\AppData\Local\Temp\222CC5~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\222CC5~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
20c05dc819a57c295c1ecfb8cc5da32d

SHA1
a5c3e428597dc018819ff17df342cf26f1bebf25

SHA256
f4feef1ce3c7594de08b38e1befcde7af97191f297a5825a7fe2ee17ffabc970

SHA512
e12c485c2f3fa7d84e448f466bfcfad0ab7c1b404d080ff3ba57ca32ea16fd982492622d258082e51c1c613850e4fb165f0e140e7965d2d7e7583239569e4269

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
e84f0d93689a4f8aabc6f856c6a60042

SHA1
ee3b7e0916c66a0ba8de3b02bdfc3b8dba5b0ea7

SHA256
44737d901e2bf27323edbdb7c52b77c9fff9fa08941e3f86a4d06113d33bb6a3

SHA512
3b735d72df271f87a181a0e7af16e48b515fc05d26955b8395c306bc23a0dfb2f5dfe5ee035948c377749bb51f3369d77df6d57075dc8e3fdbcdc8bacf4f3874

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
328f7b99929872d4766bfce075f983f9

SHA1
3d17ef0c0224284a50cca1c6c7d854d7f6030435

SHA256
72325017253fce654dcb2d95f6877279e28608a75f23e793a73f30545595134d

SHA512
876662b4b3e751e86b4babbca2de5041b2482ad72272eb6b460ae8ad0691dce9217f857ef2a3df936ebccfe0bdb3759cff861e463b757459f81197015d500eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
1bdf92ce71cf838ad117816938d1b4c5

SHA1
114af156e07803f8c54d065c937689f0940580ca

SHA256
64741c7eb6b049908aa2635c9417e836cbf626a3f1182b758f2f6db987f55801

SHA512
348f1dcbdc170bd79f8336c934ecfa31c6111972a9dab960012853912f8d20d5dfc652783094b057293e4de15d45bdf0a9438ba705c43b4c61fc5c83b0ecbcd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
317dc4a985681c2e5604b3330e30708f

SHA1
d612ec32fc63552ec70391e1a9268f8e1e9d426b

SHA256
45be5f85c69cf6967efb3b10d0e75c32e9d1a2b2d9267f176f2c8d9e58d40d3f

SHA512
d539647323e08e2d0d316d04f2a2534f1fc8828ee76e3bd5dd6a6ac00cc05e8d928222e469bd9110ebb2875d483f6dd411d5a572627c8651f588122d751f2d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
e034d52a3ba25272f65c6edf39921d0e

SHA1
ce1697df2dd33a2ff84a5966cff76fd3c89b4656

SHA256
da59d9140df624b84761360ba323b80f70e318eb5d4b52a1f1fa03e6a5f80880

SHA512
bfba72f81dcead9bc79e8ff51c3409966cb0bf522e99614d927b21815af5722216d6fb8b3281ff6774df2f916540b2c5e43f960d9a8fb3e9ce720cc5892e094d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
6ed8d5cfcb4ce8f8ff2d0ce0839a0a4f

SHA1
491643d097401edafee2aa76b99686a1698dabe6

SHA256
fbd85b050c4554d961ef88f75cdc8fecb8bbedd14afd5016ff8936743694ae6e

SHA512
143371e8a2478e479b0289f9a3fd941a9e2982fce12f4793861f1b4ebe7521da9a79fdab1c1f40fe5edbba3431ee8fe9dad77243341ee7c8e78b0ed62e574e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
13KB

MD5
111fb724547e0fddab11ca1214967961

SHA1
9ae32d82d4fe6ac3c1f37ce52d994a5331c41f11

SHA256
3a702ecf7ee5dbfc988df979b2c1b8c5ff10473419cf0609955011c2cea26996

SHA512
d558852724b05d11b11ddb3c2e584b36f72e78857aa5515a73aeebff5b59791593bcdfae2288d686e84d5d8812e5bd5b3ec4269d08f929a0ecfc65b5f14a6224

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
e3ed474b843b0f631d818b6cad1fb49d

SHA1
ac57bb5ab6ac1e0dd80afdb0126a01a4b7db0f27

SHA256
b6bf1bbc5a138e0d6922c7b342c4259925d4bb57036d85559f3d5af6ecb66fc9

SHA512
14cd3dbb5caf1a8aa050a28a85b5bd6db5a7dd590521ced2c83fec6fdf1358c5dcf084e6d1fdcdc1fe1f07097afea18497a35086819a03a3838a51322feae98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
5d2819138290efbb6e7202eda797af59

SHA1
17a10e9afc2e41b3d494117b4c4db908501fa480

SHA256
b8ab1e3e6236eae67922392bc9e61917b5fcc425793759f75f60a731d1dd24e1

SHA512
a893c02f9a35ba3c40893777eccd30371c4cc102d859b32ddc727c595c97782cc7ee73e69bcc8210e53a3ac315732d5e77f2dd408e28a7a410e73751279730c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
a384297bdd7b052e2e04fa0850649098

SHA1
ec638250331c4726d42e2729ad867b8c51033c2b

SHA256
50ee4c4159ceed0966ebd25c9c71a3323f06526893a52408a96f6469f84b50e0

SHA512
a4cd32a6be5ca67a7a87eea8933d018c7aa8c61feec87d65826b7aee6d2283833fb3f4d0eaf66e46a4b52ccdc61e5aabe345ed6c98c95357fc0b0b791e8ff462

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
5dbbab4b21d44e51fd60306c6e826d54

SHA1
763b406b664ffc6ae11df572c06d77ca30c5a427

SHA256
ea566b88bd98d02b69c34dc6481566850c5b455c0f69000e6fe6c1197d84a752

SHA512
d53ddd3ebf7d3d2ee14487b564809df5e2f365740c873513dc8745ed2379a0715bf254c87b6c82d0945ff3d355113fa7726a8276088f2986ee6dc37a16235137

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
37eb6ec17b3b2890e85cbb24f7d21b2d

SHA1
8e60ddaa29ec3eaf516a447ea2ea59ab8e4feab2

SHA256
21fde314a06d9843970af9d3ede83e065b8fc9117ccd3876844558cabefe11c5

SHA512
32164171b20b4678a4fe0a341034bcc1e6f13f6e6571ec7a60164de40965ff9119533ec5dd2fc6fd55a7e1c10942ab3b2d0ac2d63796de30f0a853a15b0d913c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
7KB

MD5
ae76bdb5f26ade78623b2230bda1a4e3

SHA1
2bb99fb51b9ea130f5b784e96198f3c73afc66d9

SHA256
014b9f206b1e8df42512390f8a489fe4a289638d03a8d5e389d5273a7f03f727

SHA512
4f069f7cc24e7e3dfba5b79823c3dd6e0e91a1ee023e053b153a9be26deb5e08bfd66d669f044ecf96574b9eaaf61cad85d22f1c540b4bf3e032257f6442e33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\zon1018.tmp

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133595977346672000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/844-43-0x0000000003EC0000-0x0000000003F5E000-memory.dmp

Filesize
632KB

Download
memory/844-140-0x0000000000960000-0x00000000009FE000-memory.dmp

Filesize
632KB

Download
memory/844-44-0x0000000003EC0000-0x0000000003F5E000-memory.dmp

Filesize
632KB

Download
memory/844-0-0x0000000000960000-0x00000000009FE000-memory.dmp

Filesize
632KB

Download
memory/844-209-0x0000000003EC0000-0x0000000003F5E000-memory.dmp

Filesize
632KB

Download
memory/2448-141-0x0000000000960000-0x00000000009FE000-memory.dmp

Filesize
632KB

Download
memory/2448-45-0x0000000000960000-0x00000000009FE000-memory.dmp

Filesize
632KB

Download