Analysis

  • max time kernel
    141s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 21:59

General

  • Target

    9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    9c12a3fde88521c3465f88661593440f

  • SHA1

    9b00ff3454e8689313af43210287c94be609dc33

  • SHA256

    220c33050c7451f14e9ab1de25aa8087109c40b4703fdad852e25c15e63a278d

  • SHA512

    f56f610b9e9a982fa7c2aa0e6ff6ee14a240195043f695a4551a8283e17d35a917c9b226343dbf363609ab3581f718f16600ee4a9b4704eef617d3529cd51da9

  • SSDEEP

    6144:1d/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSV9i:1Jhlsnstn+LroSSO

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:2772
      • C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
        2⤵
        • Drops file in Program Files directory
        PID:2044
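The tree above shows two things worth a detection: a script host (cscript.exe) running a .vbs dropped in the user's Temp directory, and the sample re-launching its own image from Temp with additional switches (/asService, /logPath). The following is an added example, not code from the report or from the sandbox vendor, that runs those two checks over process-creation events of the shape a SIEM would hold (pid, ppid, image, command line). The events are constructed to mirror the report's tree: PIDs, images and command lines are the report's; the parent PID 1880 of the first process is an assumption, since the report does not show it.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon event 1 / EDR-style fields)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EXE = TEMP + r"\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe"

# Constructed events mirroring the report's process tree. ppid 1880 for the
# first process is assumed; everything else is taken from the report.
SAMPLE_EVENTS = [
    ProcEvent(2972, 1880, SAMPLE_EXE, f'"{SAMPLE_EXE}"'),
    ProcEvent(2772, 2972, r"C:\Windows\SysWOW64\cscript.exe",
              f"cscript //NoLogo {TEMP}\\hd.vbs"),
    ProcEvent(2044, 2972, SAMPLE_EXE,
              f'"{SAMPLE_EXE}" /asService /logPath "{TEMP}\\ZonaInstall.log"'),
]

SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def tokens(cmdline: str) -> list[str]:
    """Split a Windows command line into tokens, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def switches(cmdline: str) -> list[str]:
    """Tokens that look like switches (/x or -x)."""
    return [t for t in tokens(cmdline) if t[:1] in ("/", "-")]


def script_from_temp(ev: ProcEvent):
    """Return the script path if ev is a script host running a script out of %TEMP%, else None."""
    if ntpath.basename(ev.image).lower() not in SCRIPT_HOSTS:
        return None
    for t in tokens(ev.cmdline):
        if t.lower().endswith(SCRIPT_EXTS) and TEMP_DIR_RE.search(t):
            return t
    return None


def self_relaunches(events) -> list[dict]:
    """Children whose image is the same file as the parent's, when that file lives in %TEMP%.

    Installers relaunch themselves legitimately (e.g. for elevation); from Temp, with
    switches the parent never had, it is worth a look. Report the new switches so an
    analyst sees what mode the second instance runs in.
    """
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or ntpath.normcase(parent.image) != ntpath.normcase(e.image):
            continue
        if not TEMP_DIR_RE.search(e.image):
            continue
        parent_sw = set(switches(parent.cmdline))
        new = [s for s in switches(e.cmdline) if s not in parent_sw]
        hits.append({"parent": parent.pid, "child": e.pid, "new_switches": new})
    return hits


def triage(events) -> dict:
    """Run both checks and return the findings keyed by check name."""
    return {
        "temp_scripts": [(e.pid, p) for e in events if (p := script_from_temp(e))],
        "self_relaunch": self_relaunches(events),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

On the report's tree this flags PID 2772 for hd.vbs and the 2972 -> 2044 relaunch with /asService and /logPath as the switches the parent did not have. Both checks are deliberately narrow (script hosts only, Temp only, same image only); widen the directory list to other user-writable paths the environment allows before deploying them as rules.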

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            10KB

            MD5

            be79551638e20bfe25a6748dccc4ecfa

            SHA1

            7328c14c0476430d5e6111a9683e55bb52bb59d3

            SHA256

            e9e82eadc1c50632cd60eb3877f609102c09565e46b5fcbf4d893c55862c4106

            SHA512

            34e0b0f560d8d0a3226a7f9887579a2af83b59d4129c4482ff41b45f03af79eda44a259772e2c30b2886f7eae0654145dc153f0070dc0bededa28b24cf78e5e4

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            453ccdaf122b21fb04452c5d507b1ff2

            SHA1

            c98fab8b5d1cdbf7475f19401fb2f2066157e261

            SHA256

            023f0d93cb44fa74947e551cc8ce4fa9b8cfd95ad1a089968cc7d84a939d247f

            SHA512

            ba2d55106eaa63f1acdb9ccba138220584f23e4b7ac4ea4409e356a129c7e5d68069b7460ec1e20bf10c4de3e173f5628bd9f82e02687b6bf19bb51910bb079e

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            f6ae608f45fbd6c4f9d6602562a0e66d

            SHA1

            979bacbb4f3cc72027d9bd06c85c0690684d9c4e

            SHA256

            28cb502f56079e8da9c52abf25b89e33ca6a23cd47825eb4b40aa8bef3b4bf9f

            SHA512

            556f2c98cf9c0879408292cf507035a5e82b4c6f62b873b5e547147a1119547c4987cddfdccacdf10fd12bf929c0a799f89f8652c7d83551b71ca123322bf89b

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            35889efad8841c379470235a9d7ea4a1

            SHA1

            5afd7eb228c86fc68c48ed0447731872711fa063

            SHA256

            096f2bb13348c894af110019f5cf1204a90982beafcd9589ec28bf23c5faabca

            SHA512

            bddbd0a35e7a0d1509754ba07d1be99511529ba9a3bfac9d29ca010c2402a8374accba6c6f9933851f586bf1bcf9a404d5f779282a124480c6593e5ae9b84350

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            082f9361207f5fd39c983333018cf62c

            SHA1

            7e47d58d8220e34bd11b9c02cbb7491236146ce1

            SHA256

            773e812e4205dd89ecf7270644e96b8dea13330e11ba59c3741db0021333cf0b

            SHA512

            1c34167b14510cad20d8a1f05606f8e507d4f1dedeab1e51788e4ab824cd57ad6693a97881abc188460657e5b9bf88a7c1e37dae4725f36c4922c22d8a9a4d58

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            13KB

            MD5

            1438c73bc5f54c10137408c3fe2e5be1

            SHA1

            0af8dfe412fac6c3a60dcc2876e1f3c74a381249

            SHA256

            f1fde43dd237c15436e48bf24c5038e1e75f697ac5456a43a073abd66e16a9c3

            SHA512

            bd660ce594a22e9dd794ef1280b8c58efd5e4337f647d93c3e5fb885bdeaff7577789633e0d90dab59bbafa7e8e0856e302fac8765538987850ea060d34df4f0

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            13KB

            MD5

            b3d21809dc4ac303587ff5cdec1679ac

            SHA1

            a5308dcaa2ee12141f8220eb8e0751726671550a

            SHA256

            d816af4cdbcb2e2457d59563bb6abcd6c6d5d3b4a4fbf1825891a8fa5900abc1

            SHA512

            16d69fdbed6b4672383cbaabe3f45ca8e9d8739e5e9afbbd524c2de93bfa8cc14f25afce49a00dc617829eeef5f474380c0d0dae340df98f3d33c686a4bc000f

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            14KB

            MD5

            6120b119eca1867af8aed9010fbea3d2

            SHA1

            ee5cf4b21fe5214f136e172ead6019b8c1fe009a

            SHA256

            e9e2bb05f1d62ca1970108c286b39105d6bfdb2d2434f544991a828ebc516301

            SHA512

            e6b91be9354804df2178e46cbcb6c185878c2162a7634a463809bf11f8a9a4e733952648aac875896bc9f4b52a989df2b47155202b38dd23433ac9a32be7cd40

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            15KB

            MD5

            2e11a10d8ec98bbdbed48c6dcc6e538c

            SHA1

            977c3a6c5bcf616f744377cbe1f4a424ec9bf5d3

            SHA256

            4eaae5a494a16d8c5993c72ed47650af50e71c497b4c29022e51bffd6d4f07a7

            SHA512

            94fbaf265895cee9f5d97606f598bd8773090766cbd433dcba04ab04b0061a484f45bd9827a11b9fb03d57268b1343d5bc56c5aa2893bac78017113171ea9daa

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            16KB

            MD5

            0eb37675dacfef6537e805a41a028880

            SHA1

            9c78030fe0c0443033a26e5a9eeb78cd0314ff04

            SHA256

            f9c8c37c07bb3fc5a80a506898460a7a857fc2e3965da4f849d070ebc0b7c0ce

            SHA512

            4cbc8b95b35d1a02a88d2054b9883a7a2675bb367790095ac5c45e5b03907f5c8c98e749e67b300446a469637838d0efbb9180349b12839452c59116f98f186d

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            4KB

            MD5

            e396bdf205648ee7b5e06663a26391f7

            SHA1

            1f4e19837057402608dfc1c533012665a4b8ee90

            SHA256

            83c4dfa77c1de8e06ca3b633798bf0d61b9be0a166c792393ecb7d8787df02e8

            SHA512

            178fb013fc1117be9943a830e6a6a0f4c3bd4fca0aa4c34ad7aa868e3fc58019d91b0ebe805b2d40128f47b6f52ebd06d1756536b01d3f6cf8f14eb78740513c

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            4KB

            MD5

            0c84f33a4c6269998ad933074b021d0b

            SHA1

            bfd66111e44244391c55b913de65fd6463bc45f2

            SHA256

            ed69fe03280be8386926219e9788709aeb11bf0c18ba1ec49dd1997fc316825c

            SHA512

            a024db27dfc43b89765c6b224d1ef402e431f800960fd94c2a40fbb66a851bc6da71eb3b70991d8c132f2c754d833cef0e2d81a1fe9b9b532e0c4b6696d0771e

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            8345951784c9b5a9ec71737128d079d2

            SHA1

            7235d5a01b9b7f685aec5363cea8fbcb3b476bff

            SHA256

            01f75babbdb351f33f0283e59806a03b42d8ec483d3169fba6ab989955cdd9e3

            SHA512

            b07ea320750864903b93e4209a35c8d26778c6b7d136d0b76cceb6f10866b1b19b3520ca0223d47e4e80e0a6d1e8b5982c9acf86e2d4638eaa801de2991ccd10

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            6KB

            MD5

            8fa48229214fda915d7b594ca0305abc

            SHA1

            4e0b3d66f32ffa1aab1e9ed9b721d4941adfab42

            SHA256

            3afb45418381f0fc36a5596f3a8d600608a8b2820f6d4661a115f975ff6ab9dd

            SHA512

            27a4910c86f04ff6da6bf3914c6857388e5c156dca0fcba9d30d924c3330e916db923dc3200a74fc34b24ba3e22e91f057ba9b65ad9a848bf7f880ecd482eb25

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            7KB

            MD5

            f5b957e861d20c59194223c3d66a5e03

            SHA1

            81e989360b9338f10b78dd54882cf28831765e8f

            SHA256

            fc5d86a54d84b2ccd19c8c41ecf37e9f09f1e2e997a55b778da52f22249a5ba5

            SHA512

            091850d068928769bcf37c8f1606ef8147013b836df6e19651a67a4d9856f5fdaee35e8c2d84be835ad977de8523c26b4ff7ea47ee6c771909a8ac9792abe9ef

          • C:\Users\Admin\AppData\Local\Temp\hd.vbs

            Filesize

            245B

            MD5

            d8682d715a652f994dca50509fd09669

            SHA1

            bb03cf242964028b5d9183812ed8b04de9d55c6e

            SHA256

            4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

            SHA512

            eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

          • memory/2044-100-0x0000000000190000-0x000000000022E000-memory.dmp

            Filesize

            632KB

          • memory/2044-44-0x0000000000190000-0x000000000022E000-memory.dmp

            Filesize

            632KB

          • memory/2972-99-0x0000000000190000-0x000000000022E000-memory.dmp

            Filesize

            632KB

          • memory/2972-0-0x0000000000190000-0x000000000022E000-memory.dmp

            Filesize

            632KB

          • memory/2972-43-0x0000000003230000-0x00000000032CE000-memory.dmp

            Filesize

            632KB