Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 13:45

General

  • Target

    a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    a5dbaa806f205ed76b1e389ef7934c06

  • SHA1

    deaac3f62970e4a3c3087c21eed44c6899560ea2

  • SHA256

    16e2e3285781170bd60f881927443d71c0c0cce4f5bfe8b1d7e2ce844ce4c646

  • SHA512

    8895b86c99882b2e77d55a71b27812d85c3bba720b102a7ae72454c27721951cd6ec2d525d9d636580c7c7b914a42a03c84f97b13df19ec909b043c9d789a54d

  • SSDEEP

    6144:KifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRV1C:9fk6kDqHw2hmxlrz2HoSRu

Score

  • score
    7/10
  • tags
    upx

Signatures

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (11 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe (PID 1728)
    Command line: "C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cscript.exe (PID 2688, child of 1728)
      Command line: cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
    • C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE (PID 2556, child of 1728)
      Command line: "C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
      Signatures: Drops file in Program Files directory

    Downloads

    • memory/1728-88-0x00000000012B0000-0x000000000134E000-memory.dmp (632KB)
    • memory/1728-0-0x00000000012B0000-0x000000000134E000-memory.dmp (632KB)
    • memory/1728-39-0x0000000003580000-0x000000000361E000-memory.dmp (632KB)
    • memory/2556-89-0x00000000012B0000-0x000000000134E000-memory.dmp (632KB)
    • memory/2556-40-0x00000000012B0000-0x000000000134E000-memory.dmp (632KB)