Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 04:57

General

  • Target

    8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    8cf38bf1440cb8a40847cfce6ec71497

  • SHA1

    5e78cdcae4633d88b6a0e8dcb53dd4efd8ef7c44

  • SHA256

    22190ec514ea9337a96863b64332c5aef8409711cbfadd3838a51499c2023de4

  • SHA512

    f82473ad69916ef81c169459fced8c33e05b428bfc117e61ded9701cdd1b9b0889398530f5a2dcf72b62fcd89fbbb17b219aa98ae856d9ce0c3f162f595e7c1c

  • SSDEEP

    6144:SifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVy1:Ffk6kDqHw2hmxlrz2HoSRQ

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:2712
      • C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE
        "C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
        2⤵
        • Drops file in Program Files directory
        PID:1696

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            8KB

            MD5

            e260a70daa8d700f5bdab63ae61c538f

            SHA1

            4d99015dbdaff1f92a6129615df98e1676e845f3

            SHA256

            41077226b4f6fe0c855f5c7267f7e91e468838961bd882d69e99a1091a51fd4c

            SHA512

            ce20a30a8750ec87752fc9b83dfe7d247e1ebd7c0cd0845a3e6ff28205f4845ccc84efc1c3c68f07d3071091be53f0b5b2609d34ec576a3c0e752a93849b23f0

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            9KB

            MD5

            603bfa5a05b4783e5eac4214bade0818

            SHA1

            bbe58e1d0e697770b9ef08fecacf7a8e29c35e9a

            SHA256

            b3a215c52a20c92bfdceac90ea1894dd7956cd030915be19d8accb6e27e0bbe5

            SHA512

            598696467ebc498337f477d834f2290d4520d802bd131ed31185e3a7b633b0e2ed8d0d6b39d9269ca43246284d1adc9471459979fe83c6b7eaf0cf9671339165

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            9KB

            MD5

            31f9015683520c593fd8e04bbc96892d

            SHA1

            efc4b70062c18405907767f9a053ea9df8b93a6f

            SHA256

            7ceb54e68678165145e6aab4c1ee598f03eaeac18a6148f78b04e6aac7d2148c

            SHA512

            b47ae1373925a00b8ddd062217af1e20f0f459fabc86146f446e010b5c962dc46b5d969c6796ed4b35f227284ac007fc5806be818f5c4b49f0342d834af15316

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            9KB

            MD5

            0448254a9733ee713b03283f49b0954d

            SHA1

            b60f5d0af0120f828b707af36a022c687b205674

            SHA256

            a7337d1ec49547c831e2f52628d8f620c33df246ca9f89a80a979fbe1afa073c

            SHA512

            8749967eeb7527dc0d9182ad6f2a7262fb7b3d8b64d7550b513511da805d767bb2554f444147b57b33161568838d6a060c15059e2f8d6d5fd0a0b48eb4111258

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            9KB

            MD5

            fa9509d343a3b418f7419f9580c74bb6

            SHA1

            3a4c8a2d9dcf6072946e7b713a309ffcb44a10c2

            SHA256

            d3e03570f8a41e3d2b2ba6ca85bfb194c19c22685705078ec056cbc32bc650c1

            SHA512

            b32f8a2f1f0923500cacb12d0137dbed6c9a1131792604c05f8220fa9a1b8099330100495b4cb89c6ed99e687352f7413ede6b82ead2555c51780e0b7938b85d

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            79378b4eff67e0eb6a619e2717d0ca6a

            SHA1

            31a7461bb686b26e237c5a9c099fc6bfbc674a7e

            SHA256

            ee02ca310b410cb6561e6f9e884f092e76cef17c99104425711b7e74e4174dc7

            SHA512

            de3988f1f6136469fc89e24ab2b96e61a0a1622a38e19f38eb3f9886adc6849b144bbbae439dd195f110284678bf41b2ee4c08233478d1de7c40f6b63ab07c12

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            9a519908d167dab9074bf575a241a49f

            SHA1

            344f639b233ab874a9ff01506bd7e3d873bd0b11

            SHA256

            707b1af5005a21f84c5f83cb574be39a1fea8f93ce9d82448bc593b8ed7e8c87

            SHA512

            2f6f5aeaf36032f40fafde5e9690ec5d6de91ca951a7b638a6fe8a6f01d3fcc0b1e69252b0f6d62fde526be2d65ff68e26b54ad68f49ec18c84d43bcf505f5bc

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            af191fa539f804a52a5d7de5066d1226

            SHA1

            39829d54795b1d8b7de42917c44421fcfc9fb4d2

            SHA256

            3729b5b6823efde9c2847a1eb77b97c05071abec87fd2f8be98b6f7e0292bc6a

            SHA512

            1523b98bc3720085d431a2adb74d07a829effc6d511db8eb45e3056ae828d9cc985b5813b1ba53a2cf15aa16b559862b298476faa132b44e86674e20ce724d96

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            eff9c951b7e2f937989c4d839f527570

            SHA1

            1efc9116c45a78cbe2a400ee3de0e6be48bf22f1

            SHA256

            96f41f2462510ea971e1a0adc932bda27cafb644bb78dd02848f16cef83f2910

            SHA512

            793f7d8dea7d23e5f1a07a9cf58d64fdecec16629524e228b49ad85bddfebca53fc39f63672be941fc36ca5dde74d364f9802445f58bffd34a4244152896a45e

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            989ae7369c960ab4437475ac0b2bba43

            SHA1

            4ddc1f89075a6062de1dcf247be66552f33b98e3

            SHA256

            9241b5c9e05b55ecf2ef207e602eb55712ca7b1fb1030d5f356852089f46a5c3

            SHA512

            fa04f6e83662008039535605495ffffc0ebaeb398ac5e56f3694b21a8f0ea63604bbcdae06202f85e0b87da7d8030ac7be34621746fa652b8cfd7e90304ac15f

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            4KB

            MD5

            573f895f251183dbd6d2a71a1d0f8322

            SHA1

            462855a8672ab42b1843c45be233a91eb4e21520

            SHA256

            f5b0aa413cbf8fd059567836a736fbde18fe8bcc6285cac254e54af0db718a08

            SHA512

            6e79f20806c014fc3d76c45d1207f7fd1215c55e4cc57e978a447421cc900241f395ca7dcfc5a358772b15977af80f1917df6d2507b8f5cb66d3c794fca71f71

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            fd408f84cf5a69cb3d772b89452db20e

            SHA1

            2e0b81ce379ca6c1d8bb1b81fc557131d3cd07f1

            SHA256

            1f8bf3b7e6670ff4f68004858cfce5717cb456338532cbefed431e291211d1cf

            SHA512

            d15988773c28661040d84b5fea9a1338f224969bfeaa0840e579cb78d85c3889255b6c4fe4e051276f457310a757136900b7aaf24fa8259d123e1c13fcf373b2

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            ea85a5f016fc5a398e09a125a305f980

            SHA1

            43aaef71dee11497800be32c0187af844f309f09

            SHA256

            64852595b138ba7ff6541cc3511376e0240533adbc7c6fdde5e3b12cbc78c69c

            SHA512

            7116a4e40504e4c1670b0e4c6d6f6fa6981026afb94631851ddfe7b9c2b72dfdf906e28b6d64d19a9e852f0496d461246536de5fa5db302d77e2b7846127a82f

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            6KB

            MD5

            5e19b5ae14886d7f16377467d854e3b7

            SHA1

            05251dd1e3ff4518191281ce6418bafbe4e76f75

            SHA256

            ae7f53511e3496788de9961bc0c4388ff084e0b98ec2df01780279bf68ad9d13

            SHA512

            240035ee00be5863ab230467e0baf9f94eb26ccf7175bed9e402aee6f05846624b203992e206bfa5c07f3ecc575495d3bcb1ff1fd1a2a01a6b6fe55695ecc595

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            2KB

            MD5

            cd7287845330d45900e8cfc7b500e3ab

            SHA1

            223fe524b0cd345b47b8234687c9124b6337622b

            SHA256

            5221388360f5100728a203ebaa1d968494525bceaa85d4827d5167f7a6e6161b

            SHA512

            5297aa7f1d3283a2be9a67d76af219121071cfb5f7f4b84d926801b7c0c4bd71e216010e74bc3f258dbba06715ac6e4888df398d7eb77966490d4f856e3606bb

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            6KB

            MD5

            7585ef3d86ac2983350803875ee33aee

            SHA1

            5a3d64fdbf45daae331e26d55694f1bf11c172e1

            SHA256

            c179aff4f3b2421d6d8be413ea76a279bb78d53cf5eaf82a0aab79ae4eb79d01

            SHA512

            1b63d04ae0c14fe3525ca3ade4756e6c377910de4f426ad6c2a06311b537733e7a13fa3262c306e1d4c5de8b9bf5ecced2da48a32ddb537ebe0fc6e8a5fc420a

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            8KB

            MD5

            fa71551a7125df8f1dbea59edd4ca0c4

            SHA1

            d8bd8eeaa2bf8f15f8f305603dbc7558c1efc42a

            SHA256

            2c65d705f9bdfd700e5f1e461b835cddd5e1a9a7f97c8e701fa9be618dd66861

            SHA512

            cc61c922d555417de64c11f63b9d9630bc2a07afd6e8bcba9e36a19d8b82bdf751398047ddad3bb1a7a9ae1b91a83f9fbe75c8eed58fbb96d795123800bbcd12

          • C:\Users\Admin\AppData\Local\Temp\hd.vbs

            Filesize

            245B

            MD5

            d8682d715a652f994dca50509fd09669

            SHA1

            bb03cf242964028b5d9183812ed8b04de9d55c6e

            SHA256

            4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

            SHA512

            eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

          • C:\Users\Admin\AppData\Roaming\Zona\tmp\133617778637310000jre_packed.exe

            Filesize

            153B

            MD5

            a53e183b2c571a68b246ad570b76da19

            SHA1

            7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

            SHA256

            29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

            SHA512

            1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

          • memory/1696-49-0x00000000013B0000-0x000000000144E000-memory.dmp

            Filesize

            632KB

          • memory/1832-137-0x00000000013B0000-0x000000000144E000-memory.dmp

            Filesize

            632KB

          • memory/1832-0-0x00000000013B0000-0x000000000144E000-memory.dmp

            Filesize

            632KB

          • memory/1832-45-0x0000000002980000-0x0000000002A1E000-memory.dmp

            Filesize

            632KB

          • memory/1832-177-0x0000000002980000-0x0000000002A1E000-memory.dmp

            Filesize

            632KB

          • memory/1832-46-0x0000000002980000-0x0000000002A1E000-memory.dmp

            Filesize

            632KB

          • memory/1832-209-0x0000000002980000-0x0000000002A1E000-memory.dmp

            Filesize

            632KB