Analysis
-
max time kernel
141s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system -
submitted
10/06/2024, 21:59
Behavioral task
behavioral1
Sample
9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
-
Size
227KB
-
MD5
9c12a3fde88521c3465f88661593440f
-
SHA1
9b00ff3454e8689313af43210287c94be609dc33
-
SHA256
220c33050c7451f14e9ab1de25aa8087109c40b4703fdad852e25c15e63a278d
-
SHA512
f56f610b9e9a982fa7c2aa0e6ff6ee14a240195043f695a4551a8283e17d35a917c9b226343dbf363609ab3581f718f16600ee4a9b4704eef617d3529cd51da9
-
SSDEEP
6144:1d/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSV9i:1Jhlsnstn+LroSSO
Malware Config
Signatures
-
Yara rule upx matched in memory dumps 4 IoCs
resource yara_rule
behavioral1/memory/2972-0-0x0000000000190000-0x000000000022E000-memory.dmp upx
behavioral1/memory/2044-44-0x0000000000190000-0x000000000022E000-memory.dmp upx
behavioral1/memory/2972-99-0x0000000000190000-0x000000000022E000-memory.dmp upx
behavioral1/memory/2044-100-0x0000000000190000-0x000000000022E000-memory.dmp upx
All four hits cover the same 0x0000000000190000-0x000000000022E000 region, dumped twice from each of the two instances of the sample (PIDs 2972 and 2044). The rule matched the process image in memory, not a file written to disk.
-
Drops file in Program Files directory 4 IoCs
description ioc Process
File created C:\PROGRA~2\Zona\utils.jar 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
File created C:\PROGRA~2\Zona\License_ru.rtf 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
File created C:\PROGRA~2\Zona\License_uk.rtf 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
File created C:\PROGRA~2\Zona\License_en.rtf 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
C:\PROGRA~2 is an 8.3 short name that on 64-bit Windows normally expands to C:\Program Files (x86); expand it before matching these paths against long-name file events. The process tree attributes these drops to the second instance of the sample (PID 2044, started with /asService).
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target
PID 2972 wrote to memory of 2772 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 28
PID 2972 wrote to memory of 2772 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 28
PID 2972 wrote to memory of 2772 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 28
PID 2972 wrote to memory of 2772 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 28
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
PID 2972 wrote to memory of 2044 2972 9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe 31
Both targets are children the sample itself launched (2772 is cscript.exe, 2044 is the sample relaunched with /asService). A parent writing into a process it has just created is part of ordinary process start-up, so these rows alone do not show injection into a foreign process; they record 4 writes into the first child and 7 into the second.
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe"
- Suspicious use of WriteProcessMemory
PID:2972
    C:\Windows\SysWOW64\cscript.exe
    cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
    PID:2772
    -
    C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
    - Drops file in Program Files directory
    PID:2044
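The WriteProcessMemory signature rows and the process tree above are flattened table dumps. The Python script below is an added example written for this page (it is not part of the sandbox's report or tooling): it parses rows in exactly that shape, counts writes per writer/target pair, checks whether every write target is a direct child of the writer, and applies two heuristics of its own (a script host running a script from the user's Temp directory, and a process relaunching its own image with different arguments). The rows, image paths and command lines are constructed from what the page shows; the heuristics and their labels are this example's assumptions, not sandbox signatures.

```python
"""Parse a sandbox report's flattened WriteProcessMemory rows and process tree.

Added example for this page, not the sandbox's own code. Input data below is
constructed from the rows shown in the report; the flagging heuristics are the
example's own assumptions.
"""
import re
from collections import Counter

EXE = "9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe"
TEMP = "C:\\Users\\Admin\\AppData\\Local\\Temp"

# Constructed input: the 11 rows of the report's WriteProcessMemory signature
# (4 identical rows targeting PID 2772, 7 targeting PID 2044), run together
# on one line the way the page shows them.
WPM_ROWS = (
    f"PID 2972 wrote to memory of 2772 2972 {EXE} 28 " * 4
    + f"PID 2972 wrote to memory of 2044 2972 {EXE} 31 " * 7
).strip()

# Constructed input: the report's process tree, pid -> (image path, command line, parent pid).
PROCESSES = {
    2972: (f"{TEMP}\\{EXE}", f'"{TEMP}\\{EXE}"', None),
    2772: ("C:\\Windows\\SysWOW64\\cscript.exe", f"cscript //NoLogo {TEMP}\\hd.vbs", 2972),
    2044: (f"{TEMP}\\{EXE}",
           f'"{TEMP}\\{EXE}" /asService /logPath "{TEMP}\\ZonaInstall.log"', 2972),
}

# writer pid, target pid, (writer pid repeated), image name, sandbox procid_target
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm(text):
    """Return ({(writer_pid, target_pid): count}, {target_pid: procid_target})."""
    counts = Counter()
    targets = {}
    for writer, target, _image, procid in ROW_RE.findall(text):
        counts[(int(writer), int(target))] += 1
        targets[int(target)] = int(procid)
    return counts, targets


def cross_process_writes(counts, processes):
    """Writer/target pairs where the target is NOT a direct child of the writer.

    Writing into a freshly created child is what process creation itself does,
    so only pairs outside the parent->child relation deserve a closer look.
    """
    return sorted(pair for pair in counts
                  if processes.get(pair[1], (None, None, None))[2] != pair[0])


def flag_processes(processes):
    """Heuristics (this example's own, not the sandbox's): a script host run
    against a script in the user's Temp directory, and a child that re-runs
    its parent's image with different arguments."""
    flags = []
    for pid, (image, cmdline, parent) in processes.items():
        base = image.rsplit("\\", 1)[-1].lower()
        if base in ("cscript.exe", "wscript.exe") and "\\appdata\\local\\temp\\" in cmdline.lower():
            flags.append((pid, "script host executing a script from %TEMP%"))
        if parent is not None and processes[parent][0].lower() == image.lower() \
                and cmdline != processes[parent][1]:
            flags.append((pid, "relaunch of parent image with new arguments"))
    return flags


def summarize(text=WPM_ROWS, processes=PROCESSES):
    """One dict an analyst can eyeball: write counts, sandbox ids, oddities, flags."""
    counts, targets = parse_wpm(text)
    return {
        "writes": dict(counts),
        "procid_target": targets,
        "cross_process": cross_process_writes(counts, processes),
        "flags": flag_processes(processes),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

For this report the script reports 4 writes into 2772 and 7 into 2044, no write whose target is outside the writer's own children, and two flags: the cscript.exe child running hd.vbs from Temp, and the sample re-running itself with /asService. Point it at other reports by pasting their rows into the same two inputs.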
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
10KB
MD5 be79551638e20bfe25a6748dccc4ecfa
SHA1 7328c14c0476430d5e6111a9683e55bb52bb59d3
SHA256 e9e82eadc1c50632cd60eb3877f609102c09565e46b5fcbf4d893c55862c4106
SHA512 34e0b0f560d8d0a3226a7f9887579a2af83b59d4129c4482ff41b45f03af79eda44a259772e2c30b2886f7eae0654145dc153f0070dc0bededa28b24cf78e5e4
-
Filesize
11KB
MD5 453ccdaf122b21fb04452c5d507b1ff2
SHA1 c98fab8b5d1cdbf7475f19401fb2f2066157e261
SHA256 023f0d93cb44fa74947e551cc8ce4fa9b8cfd95ad1a089968cc7d84a939d247f
SHA512 ba2d55106eaa63f1acdb9ccba138220584f23e4b7ac4ea4409e356a129c7e5d68069b7460ec1e20bf10c4de3e173f5628bd9f82e02687b6bf19bb51910bb079e
-
Filesize
11KB
MD5 f6ae608f45fbd6c4f9d6602562a0e66d
SHA1 979bacbb4f3cc72027d9bd06c85c0690684d9c4e
SHA256 28cb502f56079e8da9c52abf25b89e33ca6a23cd47825eb4b40aa8bef3b4bf9f
SHA512 556f2c98cf9c0879408292cf507035a5e82b4c6f62b873b5e547147a1119547c4987cddfdccacdf10fd12bf929c0a799f89f8652c7d83551b71ca123322bf89b
-
Filesize
12KB
MD5 35889efad8841c379470235a9d7ea4a1
SHA1 5afd7eb228c86fc68c48ed0447731872711fa063
SHA256 096f2bb13348c894af110019f5cf1204a90982beafcd9589ec28bf23c5faabca
SHA512 bddbd0a35e7a0d1509754ba07d1be99511529ba9a3bfac9d29ca010c2402a8374accba6c6f9933851f586bf1bcf9a404d5f779282a124480c6593e5ae9b84350
-
Filesize
12KB
MD5 082f9361207f5fd39c983333018cf62c
SHA1 7e47d58d8220e34bd11b9c02cbb7491236146ce1
SHA256 773e812e4205dd89ecf7270644e96b8dea13330e11ba59c3741db0021333cf0b
SHA512 1c34167b14510cad20d8a1f05606f8e507d4f1dedeab1e51788e4ab824cd57ad6693a97881abc188460657e5b9bf88a7c1e37dae4725f36c4922c22d8a9a4d58
-
Filesize
13KB
MD5 1438c73bc5f54c10137408c3fe2e5be1
SHA1 0af8dfe412fac6c3a60dcc2876e1f3c74a381249
SHA256 f1fde43dd237c15436e48bf24c5038e1e75f697ac5456a43a073abd66e16a9c3
SHA512 bd660ce594a22e9dd794ef1280b8c58efd5e4337f647d93c3e5fb885bdeaff7577789633e0d90dab59bbafa7e8e0856e302fac8765538987850ea060d34df4f0
-
Filesize
13KB
MD5 b3d21809dc4ac303587ff5cdec1679ac
SHA1 a5308dcaa2ee12141f8220eb8e0751726671550a
SHA256 d816af4cdbcb2e2457d59563bb6abcd6c6d5d3b4a4fbf1825891a8fa5900abc1
SHA512 16d69fdbed6b4672383cbaabe3f45ca8e9d8739e5e9afbbd524c2de93bfa8cc14f25afce49a00dc617829eeef5f474380c0d0dae340df98f3d33c686a4bc000f
-
Filesize
14KB
MD5 6120b119eca1867af8aed9010fbea3d2
SHA1 ee5cf4b21fe5214f136e172ead6019b8c1fe009a
SHA256 e9e2bb05f1d62ca1970108c286b39105d6bfdb2d2434f544991a828ebc516301
SHA512 e6b91be9354804df2178e46cbcb6c185878c2162a7634a463809bf11f8a9a4e733952648aac875896bc9f4b52a989df2b47155202b38dd23433ac9a32be7cd40
-
Filesize
15KB
MD5 2e11a10d8ec98bbdbed48c6dcc6e538c
SHA1 977c3a6c5bcf616f744377cbe1f4a424ec9bf5d3
SHA256 4eaae5a494a16d8c5993c72ed47650af50e71c497b4c29022e51bffd6d4f07a7
SHA512 94fbaf265895cee9f5d97606f598bd8773090766cbd433dcba04ab04b0061a484f45bd9827a11b9fb03d57268b1343d5bc56c5aa2893bac78017113171ea9daa
-
Filesize
16KB
MD5 0eb37675dacfef6537e805a41a028880
SHA1 9c78030fe0c0443033a26e5a9eeb78cd0314ff04
SHA256 f9c8c37c07bb3fc5a80a506898460a7a857fc2e3965da4f849d070ebc0b7c0ce
SHA512 4cbc8b95b35d1a02a88d2054b9883a7a2675bb367790095ac5c45e5b03907f5c8c98e749e67b300446a469637838d0efbb9180349b12839452c59116f98f186d
-
Filesize
4KB
MD5 e396bdf205648ee7b5e06663a26391f7
SHA1 1f4e19837057402608dfc1c533012665a4b8ee90
SHA256 83c4dfa77c1de8e06ca3b633798bf0d61b9be0a166c792393ecb7d8787df02e8
SHA512 178fb013fc1117be9943a830e6a6a0f4c3bd4fca0aa4c34ad7aa868e3fc58019d91b0ebe805b2d40128f47b6f52ebd06d1756536b01d3f6cf8f14eb78740513c
-
Filesize
4KB
MD5 0c84f33a4c6269998ad933074b021d0b
SHA1 bfd66111e44244391c55b913de65fd6463bc45f2
SHA256 ed69fe03280be8386926219e9788709aeb11bf0c18ba1ec49dd1997fc316825c
SHA512 a024db27dfc43b89765c6b224d1ef402e431f800960fd94c2a40fbb66a851bc6da71eb3b70991d8c132f2c754d833cef0e2d81a1fe9b9b532e0c4b6696d0771e
-
Filesize
5KB
MD5 8345951784c9b5a9ec71737128d079d2
SHA1 7235d5a01b9b7f685aec5363cea8fbcb3b476bff
SHA256 01f75babbdb351f33f0283e59806a03b42d8ec483d3169fba6ab989955cdd9e3
SHA512 b07ea320750864903b93e4209a35c8d26778c6b7d136d0b76cceb6f10866b1b19b3520ca0223d47e4e80e0a6d1e8b5982c9acf86e2d4638eaa801de2991ccd10
-
Filesize
6KB
MD5 8fa48229214fda915d7b594ca0305abc
SHA1 4e0b3d66f32ffa1aab1e9ed9b721d4941adfab42
SHA256 3afb45418381f0fc36a5596f3a8d600608a8b2820f6d4661a115f975ff6ab9dd
SHA512 27a4910c86f04ff6da6bf3914c6857388e5c156dca0fcba9d30d924c3330e916db923dc3200a74fc34b24ba3e22e91f057ba9b65ad9a848bf7f880ecd482eb25
-
Filesize
7KB
MD5 f5b957e861d20c59194223c3d66a5e03
SHA1 81e989360b9338f10b78dd54882cf28831765e8f
SHA256 fc5d86a54d84b2ccd19c8c41ecf37e9f09f1e2e997a55b778da52f22249a5ba5
SHA512 091850d068928769bcf37c8f1606ef8147013b836df6e19651a67a4d9856f5fdaee35e8c2d84be835ad977de8523c26b4ff7ea47ee6c771909a8ac9792abe9ef
-
Filesize
245B
MD5 d8682d715a652f994dca50509fd09669
SHA1 bb03cf242964028b5d9183812ed8b04de9d55c6e
SHA256 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba
SHA512 eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca