Analysis

  • max time kernel
    141s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 13:45

General

  • Target

    a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe

  • Size

    227KB

  • MD5

    a5dbaa806f205ed76b1e389ef7934c06

  • SHA1

    deaac3f62970e4a3c3087c21eed44c6899560ea2

  • SHA256

    16e2e3285781170bd60f881927443d71c0c0cce4f5bfe8b1d7e2ce844ce4c646

  • SHA512

    8895b86c99882b2e77d55a71b27812d85c3bba720b102a7ae72454c27721951cd6ec2d525d9d636580c7c7b914a42a03c84f97b13df19ec909b043c9d789a54d

  • SSDEEP

    6144:KifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRV1C:9fk6kDqHw2hmxlrz2HoSRu

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4248
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:1592
      • C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE
        "C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
        2⤵
        • Drops file in Program Files directory
        PID:2700
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8
      1⤵
        PID:2100

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        8KB

        MD5

        28d37f2fd08205fff052877e5c32333e

        SHA1

        82fdfa1736fc9364fd7e1ad24f90b9ec92f2b282

        SHA256

        af3a910f97deb0b05248a19ab2c641d7decd2e67c3659da4e787ed40df1ba739

        SHA512

        a37dea02725f9019778f27e7ff1b8fbeea3e3b0a09b840cd25a949bbb402e1761590b5f1fe82f1378c1b2c3d7ea50d9980a5f39e1711753d0e5ff0c2d975558a

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        9KB

        MD5

        289dd77ecc46860e464ed64581d56fbd

        SHA1

        e0e3f59d7b18ec3354f4956d95f855f640017a17

        SHA256

        992dd6b601acddd8aaba18cc682da4e7686120833a36e970f778592b450f5c16

        SHA512

        104b72de8ac711389287a49556b6f74f5e49a0d859dda08cb070a3c35e1da68bf5255eab572670420b6ba7179e3651602b92b74dcebf375b0b8ee8e77c890934

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        11KB

        MD5

        a82ad0b6b28ef957a645865f05fe5705

        SHA1

        d6b8af994450368852e067b58b9c1b532067f8d8

        SHA256

        b066afdff965d84bd70d7111dde6b4e444767217ec262da4d4b1e0c5bc200951

        SHA512

        ffdcc35acc5348336316f65934c7762a164ebe176e57d6821a576f6c3f47c857291c5a9a43f36ee8872188f06dd95126c66d6926fa8a87b81675747f3c04bbc2

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        11KB

        MD5

        d2b6fc0d52339503cf9a0636b510f795

        SHA1

        a5f4f34f82b7f20baf5f699f5eff8559767b7cfc

        SHA256

        9ef6b064ed64f3a82b04dfbfabdf2898976fb8a33d74c0974429f7992e37fd3b

        SHA512

        65ec844a59befbdefec166b9350a0f156763b224c9e3bfd42996820f87568aa16d337eeeb62f1746fdcc3a9c440ffafb59ee864d0e1f8aae6ea6256b7f2adfcf

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        11KB

        MD5

        650686fa21f1d96b461482f5edb8356c

        SHA1

        50441de1e4960f18ec19d51a2e1d453b8a7553af

        SHA256

        aa261f5cf4232733f1bc50a3398921d8bec08564918de82d89da73f68712b6e3

        SHA512

        9ecde024a5a03f2d23379a9f79b7cf6605b1fd65791f2fd2b3957f973fe1d973508d8406f4ac257e05ab4a076c1df5bdc6d0db15b6ec1f99c40a096ddc9207ac

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        11KB

        MD5

        502d64ffecdd38efe3d8c5b5cf557ceb

        SHA1

        c5cbf7c00feb2ea3df665baf3680ecdfab3bd2dd

        SHA256

        f8a9ba67f6f75d798ebe3396c1d2097355cdd66d8855573afc9bdc2b179c9500

        SHA512

        325abdda80e0457f7481e5f6af6a25b9a2fe92f4d575a17330c30ef0ceb75b7cc9dd827d352526aa10bcf1ce88ed17eb30ea45517fc30385992dc28755882e42

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        12KB

        MD5

        d4afe3990fbe73e32cf6f2b53cbaaa05

        SHA1

        790e2a26ad267450165fcaa93916be4983e02cc3

        SHA256

        30759c51aa680bd057f8700556c980040abc14b2a2809ef5f48704f0aad77ed8

        SHA512

        d2beefa848b460e469988da24ada0550b723749a591925317ab715b36a2b03cd0d3eb490d26a27864ab4c79e874ba971b4e44cf4bd225d13714ae1f9ee65bbb9

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        4KB

        MD5

        44c33d09f9960145648e5db41644d47b

        SHA1

        fffadc213cdb83c657dda8f8ac5da805753142c5

        SHA256

        5c06e21981e163bc8010bbdac2ee0e2d3a1331e3e10572adfa67b048ddeb353a

        SHA512

        6f0b68264258b6051f179967c20ea4ef637f87fa1edbf26be2a0f0826afa506f2cf8518ebe6c08e63e9b56d560eda4bbd0ce081ca9e3210d9b73c2b7a96c34dc

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        4KB

        MD5

        64093e8205e577084927d9834d1fa2f4

        SHA1

        88837f0924c38e825617983084b9e91677ff8547

        SHA256

        51018ea82e260069e9423934fff291e5e18e3b01d69765220b5b4e3e56c1739f

        SHA512

        5094e1e513a0bfa1e36bc907e61af0251ff487f8b764e4ff0586250003caf93d413338429cd96e850308f2118bbf7421d2d43b31f2198dc70b113b466d621731

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        5KB

        MD5

        ce7807315aabd17b7a57b390be79b3bf

        SHA1

        33ffa87f635063528c7dfd875ff57c76abdd5917

        SHA256

        76414ada4e4a69807ace1d92815c02e526a176c9c7f5913e80f62b952df4fba7

        SHA512

        24f655a036f758cd290a8061881192b5b77276f0284d486accb5c36b9456dee508a523d87cd9af6b1ec390c3790a61c96d31d9b970f691587fbe9628b1ebfbd8

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        5KB

        MD5

        910aa6b047cbf4a10aaced0f874eb3f3

        SHA1

        a6ff9b9db996c3e8c921dbe5a8559b6a0f5f7c23

        SHA256

        ae80152b4e65da5ca6fe5dcfc81fb64b1bda1e738e0d05c3c5943da39efa8673

        SHA512

        41d8269fa02c066964d2092c4ba458b5078057ac68a99200ff8c32223b502dfc9ff4d0aa04e915b4af444654b1069146b3507394ca8a6272fe8b5fde49f2eaf5

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        2KB

        MD5

        b5caffe9554ef05eabe00675af81b79c

        SHA1

        7bbc34ea2e94b1737d336c8099411742713a1a44

        SHA256

        83e35d65a932b11a2c30116d2d80194b287a77099854f8bfd8c31477f3ec541c

        SHA512

        9f77a140f5f6b1a5aefbd8c711f7dac8551dde1c54dc0aea95f3fd8b70f218adece6825ceca5889d0e6d0bc1bdad20ff3f03ef62eac5d76e46cc169f6d557017

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        6KB

        MD5

        895f7f122b95eee031e515743b955117

        SHA1

        78a28123a6317009687b158bd2d67ba958d5f392

        SHA256

        301a2ad363eae9dd2e5abd3cc1cc20330e40698a70ca9217ccf174961ddca450

        SHA512

        b8830e9e54582208d9730803205a01d24b20962a1657ffec173605cbe3814eb9032107f75b38bab55f75df7f6cfb402d53c7090f2dd8637c35cdd619f32a2eff

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
        Filesize

        7KB

        MD5

        43984cb73563d6bc6af22d51dbdfd918

        SHA1

        e77642cf4f4ca655ef6ac62e18be6ef73fdd6ae6

        SHA256

        d2418fa57372921bd7b5900b46faa00a2c4522bf3e8c941148328baa48917c5d

        SHA512

        d17e8a9ce0c1465393bfaefea6a70a8c129022dfcfcc794dd3ebd94e1af795259aa77af5eddd61b53ecbea4abedc3a13a9b387d38118d5c577659199f7481d70

      • C:\Users\Admin\AppData\Local\Temp\hd.vbs
        Filesize

        245B

        MD5

        d8682d715a652f994dca50509fd09669

        SHA1

        bb03cf242964028b5d9183812ed8b04de9d55c6e

        SHA256

        4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

        SHA512

        eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

      • C:\Users\Admin\AppData\Roaming\Zona\tmp\133627599569060181javaSetup.exe
        Filesize

        153B

        MD5

        a53e183b2c571a68b246ad570b76da19

        SHA1

        7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

        SHA256

        29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

        SHA512

        1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

      • memory/2700-182-0x00000000002A0000-0x000000000033E000-memory.dmp
        Filesize

        632KB

      • memory/4248-0-0x00000000002A0000-0x000000000033E000-memory.dmp
        Filesize

        632KB

      • memory/4248-181-0x00000000002A0000-0x000000000033E000-memory.dmp
        Filesize

        632KB