78d48ff5f86f03d0bb64683df00e110c26d4b356af9e08c78d590c2f9da0c9d5

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe
Size

40KB
MD5

7f677fe476aea016476d23eba357cc2e
SHA1

df5615bd3aea0f8468789c80eeca740168c53adb
SHA256

78d48ff5f86f03d0bb64683df00e110c26d4b356af9e08c78d590c2f9da0c9d5
SHA512

482bc51ac0db3acc00b74325dee82498e5f6b24153e3ed0abfa6bbd5056d46ffe2d7dcd874e4aff0dd3b3db22735960c8c112d399d9013b15141c77b283f68c7
SSDEEP

768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHbZ:aqk/Zdic/qjh8w19JDHN

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
832	services.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000900000002342e-4.dat	upx
behavioral2/memory/832-6-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-13-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-17-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-22-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-30-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-31-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-35-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-147-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-226-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-230-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-234-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-254-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/832-423-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe
File opened for modification	C:\Windows\java.exe	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe
File created	C:\Windows\java.exe	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 832	764	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe	82
PID 764 wrote to memory of 832	764	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe	82
PID 764 wrote to memory of 832	764	7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7f677fe476aea016476d23eba357cc2e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\results[5].htm

Filesize
1KB

MD5
211da0345fa466aa8dbde830c83c19f8

SHA1
779ece4d54a099274b2814a9780000ba49af1b81

SHA256
aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

SHA512
37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[4].htm

Filesize
143KB

MD5
df243b58af21be576bcc9f5ee0ef9320

SHA1
86ba01919b9011922fa071b6f30414b06226e2bd

SHA256
837c39db9a011dc2c05bf643b0cec5ec58ab42dd09ed970e981211ffa9826f7e

SHA512
5fff5ddbdb92b5c36d2361cd067ec1d731268664778ceb74cac1feb16ed647b0518ac03f9c5a97dad5e699aa32a4aa820871f0edde38fc86f1126f7d6f6cb7e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[7].htm

Filesize
117KB

MD5
86488bda865e174fa9cbe6892b7cc684

SHA1
e6f95f4d4a25acf8460a3b7b664eab724d969176

SHA256
9bed27fd0f99b33ecd3e0b54a731d5101c4a29322bd91e60e4673c9e44c0c5f1

SHA512
a1ebf2c4b6371e7ef8b7fce7d4e1dde74ce2e1bd2107fa3b2e300cbcb4c8c68d4870d4c9bc58a393c29e2e0d9b22cf9ce9d7b84a2c4ec916783fe1db589b3e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\searchJSZ3MK0O.htm

Filesize
130KB

MD5
3edb056e3164557d4911f88cad2bcb22

SHA1
8168de9a4efa1f4d188018b0a434277b006b1aae

SHA256
4adc90b29877ffa7efa9e8d76a9993a9a0ad44ecf5e21b110baa5d1760cfbdf9

SHA512
84451826e4c6b89a4362bfcaf109a002d344e2b6cb221ed53581f00cbe70a2681e67e3aa7f60696a295a2925f38534bcf3ccbf5fa3f21c5ec391fc65fee19ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[6].htm

Filesize
159KB

MD5
014c6a20613b5a6c649fe0c989e0b83a

SHA1
db827a2b2468a79b60c34937f80fc51ba9fafe1e

SHA256
3d0a372c029a055b785bfa29a8eaf1abb0f876d2f2821ab39bc05ed16a0b017a

SHA512
6dda21babdc2c5d92df2bccf8a50ca90d2ff7ed5ad0d953497b269d7b1e5af18708d8ec0717a1e7cfbfc5d06fae5e1fcc053a8f99d6054dcb97756425c8b2972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\VSUR193J.htm

Filesize
175KB

MD5
9bd594ada0b7ea17e04d0d8cb06306e4

SHA1
7febfe5548f726dd1c1e5902dd9d51e703688a27

SHA256
5dbe4d3997755a7bb162306df4ee8cdea87b4d23316f2c4aa880a6862d254978

SHA512
5902c5ca050595033d3156ad1ef6a0b9ddae5480cb1c27aa9a16a2929a24ad46228b00e26429ce31a4572434d829f59bf736432b070bc7d34db8f10b1a850f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\results[1].htm

Filesize
1KB

MD5
35a826c9d92a048812533924ecc2d036

SHA1
cc2d0c7849ea5f36532958d31a823e95de787d93

SHA256
0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea

SHA512
fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[2].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search10MMGR5V.htm

Filesize
139KB

MD5
af297805b136149f01826078f0b8bef8

SHA1
155aafce7dfb5157dfa7565d4f1b68e0db6b7606

SHA256
0dbc0fbc967068cd761baaa7e528381f529d02d6b838785d38aea9c2f09945bb

SHA512
38a965b05d17d45b2b574b1a2ccc01dbdec8ace90552fbccb2faef089262bb83e87caa7cece47718aeb14f6205961b8444a84cf81e09717c7d7b8f241cf49ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search5PQQ6X6O.htm

Filesize
142KB

MD5
39eb37c7c7a0748c4c1e93558e4b94f1

SHA1
8fb76cca5075c08f658534bae5a1e9501d97391f

SHA256
bb51260e549c49aa7fa5592560fcf630a16a3d7860d5ddafc4f4e6a36145e239

SHA512
ce57b93f90d3582fd6299cb0ba982a490b5092a8383321e8e6ef681e9a6eb21cf8f648bd701a84862909f73f5fa3fb3b311d11b60fc410bf3dc5b307b26013c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchS2ZN1AMD.htm

Filesize
117KB

MD5
7e6632a48254d6cf935f715a87d0afcb

SHA1
9745cf6744b1233d63fc45291be5ffad7d06b6bf

SHA256
9e6aaf08bcced5c5ebc3bd56b082202664cf241b37ab5dd86344374bedbd3080

SHA512
5baa12cc38888d915980c5138cedcc381f9d68fd0b2dad4eff9a4c958eb698e64cc8dd5ccbfe732406480d6b8983c9c3ac8a779f25917040d06e9c21257b7eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search[2].htm

Filesize
115KB

MD5
284f5740c03b38734ae7391509c1877e

SHA1
cfd714fc286d2dd6bb436b2b4e2ad02b31372925

SHA256
a5cfadc77f999b5da13f2c42cdd8578f9a7f26d7e8ddfbc11749742064dc5f40

SHA512
5e53b625b419765383f9a020dab650bd5d6d1bbcdce002df229a5b727bc097ace34a5ffcf17782f63854ac1b14eea346da82656edc6a5730d1b69c79e6861136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search[3].htm

Filesize
104KB

MD5
e38c4ce3063d46ee5163c407ae7ad56b

SHA1
23e3092fb319a051c5f918618d2e218301e0063b

SHA256
31fe49cfa80fa2c917a525de0d6b3c068e7f665054efb25052a057396a722fd0

SHA512
b81b87eb82fd7f26a0074871158e84963cd81e09d024f02b91d4bd950908b7ad3f37af53f94ec7680ac831307b06c4ca4497989da9855c6bcc9151d8708c68b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA13C.tmp

Filesize
40KB

MD5
10f222e3a5f931ca11520d1e354fb53d

SHA1
9e7bc64e9cb5c6dd52e12dbe27ca9b2b326bcf25

SHA256
2b5d958b8ff6c000891267afd54e35a938e75524049bb94d17bf733cb31b4060

SHA512
352ea526fe47cb3262543fe86fb845b235543b49bc0a6848ce7103581fec02ea541471ecfce870cb21fed10fdc2803f91fdde067f97cfa6943d62e5bd9f99285

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
dbe2a59bc68b3e00b555abc664603df3

SHA1
afa42af0f58ac7efd267d35e37dd1f4fd62c27c3

SHA256
dddb8b44dbe70c64bdd7eeae81214ad32c7992f5dc50378d08daa5f172e036bd

SHA512
1cde9a332c8dc8f7378ff2ee2694ff782a8f2052a9e323490e04df467c7a1cd3f8aded33c4cdf44b9ec6d6b954577a07c66f9cc29d6a26a4e510e1e9aa67a08a

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
d3528122222fb8ea4d1491d2d4713a43

SHA1
521dd161bb2f57ba63898b2521ceb05f5c298de2

SHA256
be95c5bbd00c02759252ee5df865aefe2051c01f5907355adf64cdbe44ccfb76

SHA512
14eb459edab65a757c892d79d182579174a43acd3c2ab3aaaf33b7e667ae452d6fbae7952200d7dd1109e8335586e9c715b6a4ef07d3c718ad90f53874ca980f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
64fd55e0a74b86cdcbb13630597aef54

SHA1
1b97133986783b343e73588b6728d605abcd5ab4

SHA256
e116fee787f562586a4a51e9502d7e73b4924f8548a210ed636bf0f8d3a974ef

SHA512
c7f3058c796f06a5286b5f25b46a9711fcecf624fef2844bec0700b113d8b3bf9b18bdc6a9fc6c9fc80c9ea8fb7b430ab5d3b281d9dd700e2ef913c86649fc42

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/764-0-0x0000000000500000-0x000000000050D000-memory.dmp

Filesize
52KB

Download
memory/832-22-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-230-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-254-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-17-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-13-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-226-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-234-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-6-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-147-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-423-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-35-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-31-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/832-30-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads