Analysis

  • max time kernel
    141s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10/06/2024, 21:59

General

  • Target

    9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    9c12a3fde88521c3465f88661593440f

  • SHA1

    9b00ff3454e8689313af43210287c94be609dc33

  • SHA256

    220c33050c7451f14e9ab1de25aa8087109c40b4703fdad852e25c15e63a278d

  • SHA512

    f56f610b9e9a982fa7c2aa0e6ff6ee14a240195043f695a4551a8283e17d35a917c9b226343dbf363609ab3581f718f16600ee4a9b4704eef617d3529cd51da9

  • SSDEEP

    6144:1d/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSV9i:1Jhlsnstn+LroSSO

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe (PID 4524)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cscript.exe (PID 1988)
      Command line: cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
    • C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe (PID 1996)
      Command line: "C:\Users\Admin\AppData\Local\Temp\9c12a3fde88521c3465f88661593440f_JaffaCakes118.exe" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
      • Drops file in Program Files directory

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            11KB

            MD5

            e51a408f6fb802b3e668a372abf52a74

            SHA1

            9420cfdf6019085fc6bdc1d964ff1ea100592653

            SHA256

            0402a59247a7125303e361e8772c7f56a12fd257a666a2801ff8df2795c2ff51

            SHA512

            0f57890eebcd3f10c725e6c134b4e104410502eca9e2575a3577314b182821993559787e78888b29d0bfedc8d3ecef0aa371c4206ee0e9c2c8102c9fdf1e3bed

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            ffc571f9381662f33cc77608cb8b700b

            SHA1

            4a49eaec067c2a81a56761b98225363867095796

            SHA256

            b103e6f72733af1461a7422eb5448e7947e04c5b63153539ccdcc4164a0ffea1

            SHA512

            fc8be3aab1879d2bff55685a30891d2280ff0229647c992e47e5dbd22a1b9a07997862b17e95c854c0fd6bd8af7ffc60b1b5a8681bcd2f8f8295b52eecee9ff0

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            6182bc489b381dea34f9a2e38f1a629f

            SHA1

            019fb9fe1d0e835a87331ef37856481c38b06772

            SHA256

            6718a239684f041d1ab7159ae466bfd9fec271d7b9a6070bfa0008e814216405

            SHA512

            4ba990b4e5a394d4304ec8cfd64bd71bc45342353efad8a581547d75f09ab3fc356b32f7f71584f6e1ed813101329fd85e45c3f5b299c18f1f6ef44c352c3d97

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            12KB

            MD5

            c995925252382873d47806ea07f9bd7c

            SHA1

            730cc812475cd719007d7eb3868685b0734857cf

            SHA256

            ef67a7b64b39e703b9cecc9a261914e7ade8b7fb0cacff54555bb350f9100e1b

            SHA512

            39143c8bc7ad8ed5692f051da682d3f87d86a7452f9d285f36475e5b4291ab9a2b3413061c417fd36329328d7e7e682cbbdbc729ca220df43d8f361375993c15

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            14KB

            MD5

            7941c09c6e41a0caccc3be708f05c07f

            SHA1

            568933b3d80a2874a4d084fe67dac5fdf72b28c4

            SHA256

            94f27ec2d4f1406f43b53c7d04283352766118ac840adb219a796d8dc18361d0

            SHA512

            ef18d1e1dafcfd070fbf60517740eac9b556abc8df853b7d6214c29086346385613406858e8b6f1713907a29ee3c4c708bbae02ab4508ed6097c302799c8f42b

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            14KB

            MD5

            584c5ab3fae04545d1f93ede0c21e9d6

            SHA1

            11e3d65b9d22f2e92af0e89eab315ca2b1a47caa

            SHA256

            1b45e2b070791a308774f581726367b78dde1aa494d9a4899f8be0c64cf70fc3

            SHA512

            a347e4a188fdfc27f0160bd77b755a2984eca259404e41257093e781eb18b29adc456a504426e6f7776c0397b708b482cb335a3fa27562ce420ed18e9b8264c7

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            16KB

            MD5

            93d12c0695f6c06d9eea3379f98bfca6

            SHA1

            6248a50cdce5d394a3be3491beff7743f394c62f

            SHA256

            647c8c91071cf1fc90c2312c1c31821936c8b76601a9fc348f66f2f16ef36ff6

            SHA512

            04ccdd646df6d9d29bede67ce4fa7930d31a1dadae3d61dcc90cd8766bfef8089795dd9ea8293d9aabaecc51f9aa817d285571ced8fb81dcd8bfc7aaf9fe0a7b

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            2KB

            MD5

            65de8e5ee7c2a0a84688062e311c8360

            SHA1

            6fe1dcb0130949bd4925647eb2a7cdd818b6ab01

            SHA256

            722c1deec0b94f454d5c68c77efa406942c1596ff8e2ac118c68ed6f93606f30

            SHA512

            f0942c177b5e8338628814c58139255e78d0341bb12007ec1692f8599ea5dfde5104d0e4897708ed32c37849bf61e0a6136cb67d66b47e42ef76572dcfb79bab

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            4KB

            MD5

            0b08ac785ce9c8d4ed923a75a9a9487d

            SHA1

            e91282210eefc5c457c4a32412d0a6dc8e7fd55c

            SHA256

            4ffde06e7f717daf99d71ce049caf4074bb384579f47cf1ff7e4b25cb9af185f

            SHA512

            b8ae746eeb5f45f255a9065f1fd251a7d2b74d96f40b0244a1807163ce475d5516e36a6cad8f8ffdc9a0fa3d3a2bbcf22aca85e2cb8de85cb50878c59f740ddf

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            f582b4f9503e14dde5d33c3e3b991ed6

            SHA1

            332398f37bb987b7d83cecf85a244cf65fc2f346

            SHA256

            2eb1c05e9c7dac90b8d8ac7f76978d7cb41ac2c8b1309f076318f441c9d75ac1

            SHA512

            9ae147b36bcddf86749d42afa7623cbe820885d3adb9fd0b9b9bcf19d2ed91fd90aec269531c851633c235e9a34ff58645aa3bd3bc5ce1f81cdf2b96d05ac5ea

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            5KB

            MD5

            3730a9ee358efe11c83da58cf2691982

            SHA1

            9c7a9f4bcbfd173f55ee6e847e6236a34ad3b5c3

            SHA256

            e3f9d6ea2b2bbf5a671d0b9d50575e404d1ce593ddde5c5a0649f8bd06739937

            SHA512

            28fbb76f807fc4550421445cdc8a3d06b6c83972c998253689c53d9c40a50324b643406a5784028cb41180aa0e4acf265df2a735d21420aafc6065a10ab28e72

          • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

            Filesize

            7KB

            MD5

            40580f1cc06093cba1d70af3b7d4ad10

            SHA1

            8c7302de6d449747072d06d5af735c43af12ae4e

            SHA256

            e186ea1234781e5cb3bc4e0b9d36d8cc6b1e25271ba83575c59ce0607b46deb5

            SHA512

            30f0366388c681f2a8363596f4a81a0a4e6591744d10902605a4938a1dece830a76b746e2624d53a7417a6c726ce380ea821b294b6802e49d42d286dc8e693ff

          • C:\Users\Admin\AppData\Local\Temp\hd.vbs

            Filesize

            245B

            MD5

            d8682d715a652f994dca50509fd09669

            SHA1

            bb03cf242964028b5d9183812ed8b04de9d55c6e

            SHA256

            4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

            SHA512

            eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

          • memory/1996-103-0x00000000001C0000-0x000000000025E000-memory.dmp

            Filesize

            632KB

          • memory/4524-95-0x00000000001C0000-0x000000000025E000-memory.dmp

            Filesize

            632KB

          • memory/4524-0-0x00000000001C0000-0x000000000025E000-memory.dmp

            Filesize

            632KB