Analysis

  • max time kernel
    155s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 21:42

General

  • Target

    9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    9c07b7fbb93700ee3309dce4d3ce6cbe

  • SHA1

    252ab3040fd46279f34501b2772ee0294a89f84f

  • SHA256

    7141b4d7594262026b952176c0cc1819e28f11e43320eda2aa69d8424d920117

  • SHA512

    e0b82e44b39030b1531b0196ae58c9243fb4e52281215f0fb00e7b92555971dbdaa35d2da78ed432334937cec38d756a5c3a4df045269a3a1bc747abc037167c

  • SSDEEP

    768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtH4P:aqk/Zdic/qjh8w19JDH4P

Score
7/10

Signatures

  • Executes dropped EXE (1 IoC)
  • UPX packed file (16 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe (PID 3324)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Windows\services.exe (PID 5008)
      Command line: "C:\Windows\services.exe"
      • Executes dropped EXE
      • Adds Run key to start application
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4784)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

          Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\Z63CIK3I.htm (185KB)
    MD5: 9dbcb3d85968f4c16eba3de096b1c198
    SHA1: f779b7ee5a1f6f88361e1db3d72952d5c2961a1c
    SHA256: e2cba66355d41f91adc7eb215ac29c91ebba5b7901f1672681e5c73eeb555259
    SHA512: 35b78e1c1e98431257593de397ef5ad524a95699e58d915c02929bfa0c2233227ae0d8e5432c7b2074b455f88538b52a07f2cacd8105a5905460d05ebb4fa9bd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\results[4].htm (1KB)
    MD5: ee4aed56584bf64c08683064e422b722
    SHA1: 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
    SHA256: a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
    SHA512: 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[3].htm (155KB)
    MD5: b2ef8d4a3506b9ecbd396cc159a3f0d7
    SHA1: 2940ecf5cfe5d226ed9e7f9e47f8eb4190d408bb
    SHA256: 8244eb46dd5c295989e22ab2b5b13ccb56f0e8e777569b64229a6649f48140fe
    SHA512: 61f7f9cbfe527e9476b75cbf1df0cd780daf7424403bbebc9a10b6ec575f0740e2a0d3e2ecb8fc7c50393d26f6bdd6cf6f1fcdcf827bfcd78a6c7f893c47fb76

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[5].htm (66KB)
    MD5: 3d465334995b8a6d642b9470d55819e8
    SHA1: 281cd5f10e78bdd33b9b3ac390b2e2c3fdbf9230
    SHA256: a36b089de17532dfd38a5054dc38cf331e8ef2d79337449daae523de735a6505
    SHA512: eafddc82753b90cc2ca5bca96be0374878390f8293d2caffe1a42404774f3624639b67d02cadeb801bbf704aaeaf2fe008308feb31341503155a41273829176b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\results[3].htm (1KB)
    MD5: 211da0345fa466aa8dbde830c83c19f8
    SHA1: 779ece4d54a099274b2814a9780000ba49af1b81
    SHA256: aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
    SHA512: 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search[2].htm (25B)
    MD5: 8ba61a16b71609a08bfa35bc213fce49
    SHA1: 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
    SHA256: 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
    SHA512: 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Temp\tmp39D5.tmp (40KB)
    MD5: 8cdb0bf2fffb85d6b872ab040bfe5087
    SHA1: ae9141c5ebd6ec0f2fe7ae8cdc1b38854b3262e0
    SHA256: 553e436a8c137e738d34c2a17dd034976f1e5b936ce0c8b109daddaaf541163d
    SHA512: 1ebfa25e30d11cd4131eecd9791b54a4ef67e50c182461beb12bedc375e97e1d58fb1940ff7bcb8dbb9dd40d492c8f9014b4d89c547b27f903ed005930b80207

  • C:\Users\Admin\AppData\Local\Temp\zincite.log (1KB)
    MD5: 0fca6b7ee107cf97e0acc2c30314456b
    SHA1: 269b187140557cadd750b71ae7e1fcec247edae8
    SHA256: 2492d92f1a150b6043bcaf1a36870a34d9fbad18213bd0d68ee1c6e7f2851a61
    SHA512: 11154c5b955b809e4c0e92ba3e35a3d87e5128343619708dc8749d2e20af6188834a93eca37fe0db5387a5e219a7d965a1bfc95ffa06d012cd2b0a59adca04d8

  • C:\Users\Admin\AppData\Local\Temp\zincite.log (1KB)
    MD5: 06e633d6753eb9a2e5fc9f7b8074600a
    SHA1: a05af4720e5dba57aaeac41500335f884886cdf7
    SHA256: 47be518fd066979c4d46556386fdc3247405a2c0f3ef621f7d9990f9604bff1c
    SHA512: 38c06212fcb4beb8de97958e5ef149c3be69c3c1f3ee647001f50031803cdab170f800a81b5a5a3ccb91e0bb1d748f0668bc5a95fc8d522a2efede7b9d43e9a8

  • C:\Users\Admin\AppData\Local\Temp\zincite.log (1KB)
    MD5: f7035a8554a7583df6b7ce4c0ceffe7f
    SHA1: 3a4f9f310799c42b6c32a5971817a52824fc1494
    SHA256: 88bd18a79dadc4005e335760a29e23e9c319b01c4369e23f27f4f5ae902f78f8
    SHA512: 19b0c198acd84a13cbf74fd2727a3e8adb4b6782dbfc7f6a446979dd3d8c7f49eeb8b6c604459cbbe8fa207ef4658069f2de9ce8e90f304f399ce03d20330924

  • C:\Users\Admin\AppData\Local\Temp\zincite.log (1KB)
    MD5: 7e248261355f24abe6fe3d62a0ba0f77
    SHA1: 06f01cb9a2800a4588c1449eaf28c2fbe54d0265
    SHA256: 6d02f3f3a4cef730f655c67a1db17f8cf104d02e2c44d09a0972886e22698b88
    SHA512: f3ad2def668cceeaa21938d2b2046a8f2be6b30beaaa48d9626cc10a1d2fd72f3c2474a657db8ae3abf51406e7cd742055aaf8997f103dd7d13d0b236d907c7a

  • C:\Users\Admin\AppData\Local\Temp\zincite.log (1KB)
    MD5: 0083dd917dd333e764b8b46afd60a19c
    SHA1: 62b18cde3b760ea27876318cb81ee847ba8d3b63
    SHA256: 57d61073681abebe6f70beefd7499eb1dd9ff2bddf487e9c54314292102fd21d
    SHA512: 37b85dc930c2a4b656373dae026a526b9b2b6563594cd2e35665681577833c90f9ec125a8da7aee0c48aa4ca2460cf295164e3bf98ad56d7f3347e7eed4a3ce1

  • C:\Windows\services.exe (8KB)
    MD5: b0fe74719b1b647e2056641931907f4a
    SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
    SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
    SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  Memory dumps (region 0x0000000000400000-0x0000000000408000 of PID 5008 was captured repeatedly during the run; each dump is 32KB):

  • memory/3324-0-0x0000000000500000-0x000000000050D000-memory.dmp (52KB)
  • memory/5008-6-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-13-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-17-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-21-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-22-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-26-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-30-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-97-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-148-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-329-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-363-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-376-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-392-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-399-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)
  • memory/5008-407-0x0000000000400000-0x0000000000408000-memory.dmp (32KB)