Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 04:57

General

  • Target

    8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    8cf38bf1440cb8a40847cfce6ec71497

  • SHA1

    5e78cdcae4633d88b6a0e8dcb53dd4efd8ef7c44

  • SHA256

    22190ec514ea9337a96863b64332c5aef8409711cbfadd3838a51499c2023de4

  • SHA512

    f82473ad69916ef81c169459fced8c33e05b428bfc117e61ded9701cdd1b9b0889398530f5a2dcf72b62fcd89fbbb17b219aa98ae856d9ce0c3f162f595e7c1c

  • SSDEEP

    6144:SifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVy1:Ffk6kDqHw2hmxlrz2HoSRQ

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
      PID:212
      • C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE
        "C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
        2⤵
        • Drops file in Program Files directory
        PID:2140

Network

MITRE ATT&CK Enterprise v15

Downloads

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            8KB

            MD5

            f549f978068caaaf387dafe287014220

            SHA1

            836720b6201ba429080b4dfbce03e4a3116952de

            SHA256

            1e2ea34eb115820bd787f66343a42b90741d0bb8978072844b972a2a440b8897

            SHA512

            9db115282b10c3bbd29168bb55da296bed2ca940b39f5e75b10da84b377d99decb03d4cc2973c4fdb2c7da842f30caa2662d1932d815b7e50709111cbf681b8e

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            8KB

            MD5

            b7d3a32b0e530da88580dc18c5f40253

            SHA1

            5483ba75a73e77629621a75a1cfb60cf1cd13a74

            SHA256

            7a41915e009a0e7150bbe843d45b6468117efeb8136fd54f9812fd6e606be669

            SHA512

            279be9842618020108933867aefcc142f92d591aad0dc8a6a317e7b31b11a8762f0fff81f13a20f742af80ddf2ca3d08845e8754646ca34b9c3fae074870978d

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            9KB

            MD5

            c9b743009e12089d46bd075100a61cf4

            SHA1

            0c7929c02f988a5ea2e61f7261f6303c33f70c22

            SHA256

            4e4435063f62f621e6414ead59ba06dde806a95d0c03ca53cdbd3a0c8919017d

            SHA512

            87cdfc815384ff4ab1a8fb5fb59d78027e37118c8b020fd1525508490b7db695eb69ac40e4331a144581dfe65b68c5403db023c0c677c3f293a92b8275b1dbbd

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            9KB

            MD5

            958a7d8085712e3a8ae034e8b47fdec5

            SHA1

            f40bdbe16616e1b293635f35bc81dc685bc8b0b9

            SHA256

            d20e03a849d3340ee27ece6e0326109b592864bc2b222bbf4d9e9f0410a02c10

            SHA512

            06f6c01c6ad636156b26804ac737f6e7b6b38175cdff115064e62ec12e7f6c4013e2cad626efe43c10f142163a74befa76d953befec8365cf81392220cf817c6

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            10KB

            MD5

            2fb331d2e23757c3fdb27e6a96be5a52

            SHA1

            e5c7854df4b82bfabaf5b0ac3f06957f99eabfb6

            SHA256

            a69db635f362846538f89f7e5a20ab8285de64995d8d8f48dfc014c73f7ec272

            SHA512

            128b8d2e01a3b1ea085f397463a6309b0134f7b0f2073a337a09bf00dd30e93fa8f67f429879d2e83ad0f720b74e63aef98aad7a144d6432b9156d221d05f2c1

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            9422dc2687da92a16d6bba200c56ea41

            SHA1

            fdedbd5e4f2b7a10936f413e56c6312b05f7a1f1

            SHA256

            981f8fcbda34ca227be21509b4edfded710b0c1d8fccbfa32c2e150a1d07e219

            SHA512

            68254687b1945f9d43712458cb2703f12c9371667451c75a43b5e265073ad3f0a63cd03e53f99b3193805e2a3d0e5b700af7ec16a6ac0edcfc8bde23fe190577

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            9a0e907a30e3e0b5832d9de8c696810e

            SHA1

            3ea1bde784d9eedd9ef4f016e76d84d046aef6a6

            SHA256

            afe0ed2986b79406c467fc039f5db336ecd3f64164a81b67af1ba1d408c15e38

            SHA512

            31e834cb49519550fc3f43afe4f0b7acb3274adc981def36772230f7b9bb945f4ee8d2e4c78ab3d426ff83316cb348055648f7654c79ec549f3d70af0f839923

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            74b916c1d8fadfbe8c08762bf1893cb2

            SHA1

            375abc1afa02bc03ebe561ca5b789a63117b86b7

            SHA256

            054ab1fabdbd12ebfd48c05ba139c06b9030dcb742e27d339dd45ae41a5e9f73

            SHA512

            94a779f5a2cb5dd737a5565edd0d4f11eab6076c8251cc4981e1c979424b75407b7b011fc0e726bb6ec14962387d335823aea0b5426ce40441debcccf06c20a0

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            5d3f581c6c6ceb0e4b26460efd6402bc

            SHA1

            afa6e1e3f0771db984316c6c6a8a0b960a3dc8cf

            SHA256

            3b94b84ac3fe57a4f028afe517560f8b4466478081a55b2310e07bbcaf66008f

            SHA512

            6f2bf71db7b168262880532ed9f5f3705d80df5dd91445a330447ad950ef7f386e66e2dbc0c18e5c6c5d89127a64ac45a43c855712223236e6a6286f6e1155e4

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            de27b4e095610572612f90a8a2218776

            SHA1

            828b00fe8effe7a4a31a20fddeef11ced032e5b6

            SHA256

            a26a19179c8ccb1887a63b18df889c6606a45a3d9130324c4743d4c5e338de86

            SHA512

            4f59f0148efa66bb88f4dfe51731ef12c9cd57eed234c03fb187bc2301813eaf426999b7914139207fbf251ef0deb34e75567618602b61b699de7a5e55aea13f

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            2KB

            MD5

            1522aaad0d50f047ec36cb033e3d15b1

            SHA1

            210664cced06c7541abee8fe24a1bf51849805b5

            SHA256

            9d2f706b951540efa2751772d530c50cf75b5c54eac19f0b693582eb747e747d

            SHA512

            4985cd02bfe4c2e5b6a32c12e20d456f1bdd6c5ae780d7f2987bc6cb37af30b9fdacea0e137a1428a3c2f29e665eda52fdff92c103f85b37d6347059f994981d

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            3bf9b83aef932ab354dc6c3c4d7de3f7

            SHA1

            ed3a3f264e7888f9d5a252f7cc42b62a08e4ffa5

            SHA256

            415a6267c44e0a4f3857cb2acb53c1ebe164fc6e94c8d811334815514ca608ff

            SHA512

            9cda9a0aaa7304bd0e2b813c08c3cdbf549b74c84c541132ef569edd1ff96c4bec0673b7bef3fdf38e7aea5f37fc5b47b29ec317476c95578be3e3fc936f1a9a

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            4KB

            MD5

            97d0969757f2896eb8f28397d5301339

            SHA1

            a5c935ac62ba436a023480d3498ef34bb5d33cdb

            SHA256

            713dce4a11122f4a69d04945d985758e5f9c88334e008166c1bfddaee878b0ff

            SHA512

            f7262a674c21d17f25b33aa36a236b5593cd7bf2d786b651e7a0dfad70c1b0ade72dfc4a23a164e176be4d8f12eb8970bef8076cc69299bf0a945d6cfbc60056

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            50546a4335ed07ff821aa43d25a9dc52

            SHA1

            91bce8b65a362bbc605a24f976fc484057a7a881

            SHA256

            e6939614faeeaa6788a35e012f620aa9a25998770462784aaf0905b7b56762ad

            SHA512

            686967fddea258c20174261066b2bab69204e902ef192b299a5b4e6000e069abade4dedf935455adfac90995b5a284cc072fdd8907d33f3cf2402a8806375065

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            6KB

            MD5

            e3f59a7194541780b815ef335321fb4a

            SHA1

            8125a7e01c8ff605cf3ea01f99c696a6ee152c41

            SHA256

            d545438a5fa22b790d026f1cef43c5e1bd944a95aaf26e6458d2b6354040b6c9

            SHA512

            39d7b398a3bcc7c47ff7de56b14b491740f32ef2921dd50a2951ab1252f0b24bd2cc16880eab676f27ad40d2bd8163b9866958163d81206200ee8e62dd704d6c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            3578cbba36b81005617cbb9cfcde61e3

            SHA1

            8b3a22a61f76601885f576103c732a61ae6508c3

            SHA256

            0727bb29703c06558e8e1e0ed508bf07f79fc9cb703cdaf44ffbb6f7af7a5304

            SHA512

            801e870746c407d066ba96ba9d26764348dacb8ac174ee5b670b07e96aa4e991fc4d217781aa8d0773c3d2241ed45cf0a1d19c03ad7e06aa50ebaed2305e50f8

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            7KB

            MD5

            fdfff6d6197fc57b23fa5ff7e187ca8c

            SHA1

            c1225b3807be10cf5a1c4103bef219edc7d1c44d

            SHA256

            0f4daf8c35c234cddf6d02bf61bcdd7075078bd1a82e3ab82f9d6f9fb815f8d8

            SHA512

            53b3f86553bfea6dcda1363063c1f981bc3c3c368df24e9a3dfe511a0a5f46c39bccbf1ce86fc18d54c091fdb4a989b736bd1450e8c0aa377b3429a6fb7448bc

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            1KB

            MD5

            c26fe576354ab9201e336143ace1f773

            SHA1

            307c887bb265226c143cc90e2ab2589f0faae239

            SHA256

            b528530138eeda02504fd41500b2d773f7b0578917c6e4bc18487ebdfec6930b

            SHA512

            19af7cd07ca1db7270a2a51466d0fd8d4363a7429efd8228f176ff5e0bcbf63e4309db2e7c3c69c69f699f0b8080d73dff5461f6f6f5421d0d6a507de164c366

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            7KB

            MD5

            c0c5eadc3272d81764e403e85b8a07e3

            SHA1

            d7c9a8d844793a5c4e9e6114af5e729eb979cf8b

            SHA256

            c44bbe1c0fe5274e1df74628226834ceb8d83b2e62198c2189334c8f7925bf85

            SHA512

            59502ca715a7897d6b77877654041a975c4348764099d75286576e149c434ad81268c974ea3e4f2d3e0d6029befac5f50cae2dca2985618e1fe98907902f3549

          • C:\Users\Admin\AppData\Local\Temp\hd.vbs

            Filesize

            245B

            MD5

            d8682d715a652f994dca50509fd09669

            SHA1

            bb03cf242964028b5d9183812ed8b04de9d55c6e

            SHA256

            4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

            SHA512

            eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

          • C:\Users\Admin\AppData\Roaming\Zona\tmp\133617778541803176javaSetup.exe

            Filesize

            153B

            MD5

            a53e183b2c571a68b246ad570b76da19

            SHA1

            7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

            SHA256

            29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

            SHA512

            1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

          • memory/2140-168-0x0000000000F00000-0x0000000000F9E000-memory.dmp

            Filesize

            632KB

          • memory/2240-163-0x0000000000F00000-0x0000000000F9E000-memory.dmp

            Filesize

            632KB

          • memory/2240-0-0x0000000000F00000-0x0000000000F9E000-memory.dmp

            Filesize

            632KB