Analysis

  • max time kernel
    159s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 08:12

General

  • Target

    baabc827a9d4e7a674e1362562a248f6_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    baabc827a9d4e7a674e1362562a248f6

  • SHA1

    0dd1f99734e4ea1fe1d60e53279acb475638d08b

  • SHA256

    070221e4d974513c55b421f7555e0ed8ad918ef371d0fa3b82eb53d69d5cdce2

  • SHA512

    48413d47b2e550318ec7b58a3f07e22bec3dc1b3420a94ad8ed3b2e42c9b8958fe104f11d0b130d696783b3fe27ac086be91869c540f459fcd40f2b75e7b8d70

  • SSDEEP

    768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtH86jP:aqk/Zdic/qjh8w19JDH86jP

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
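
The "UPX packed file" signature above describes what it detects but not how. The check below is an added example, not the sandbox's own rule: it parses the PE section table and looks for the UPX0/UPX1 section names that stock UPX writes, and falls back to the "UPX!" pack-header magic that survives when a modified build renames the sections. The PE blobs are constructed in the block (headers only, not runnable binaries); the report's sample itself is not embedded.

```python
import struct

# Section names that stock UPX writes into a packed PE.  A "modified UPX"
# build may rename them, so the file-wide "UPX!" pack-header magic is
# checked as a second indicator.  Both can be stripped by a determined
# packer, so absence of either proves nothing.
UPX_SECTION_PREFIX = b"UPX"
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE file, or [] if `data` is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER array, 40 bytes each
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]
        if len(raw) < 8:                     # truncated section table
            break
        names.append(raw.rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> list:
    """List the UPX evidence found: UPX* section names and/or the UPX! magic."""
    hits = []
    for name in pe_section_names(data):
        if name.startswith(UPX_SECTION_PREFIX):
            hits.append("section " + name.decode("ascii", "replace"))
    if UPX_MAGIC in data:
        hits.append("UPX! magic")
    return hits


def is_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_stub_pe(section_names, tail: bytes = b"") -> bytes:
    """Constructed test input: a minimal PE32 header with the given sections.
    Only the header layout is correct; the result is not executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    opt_size = 0xE0                                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)    # PE32 magic, rest zeroed
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + tail


# Constructed samples: stock UPX layout, a renamed-section build that still
# carries the pack-header magic, and an unpacked binary.
STOCK_UPX = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"], tail=b"UPX!")
RENAMED_UPX = build_stub_pe([b".code", b".data", b".rsrc"], tail=b"\0" * 16 + b"UPX!")
PLAIN_PE = build_stub_pe([b".text", b".rdata", b".data", b".rsrc"])

if __name__ == "__main__":
    for label, blob in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN_PE)):
        print(label, is_upx_packed(blob), upx_indicators(blob))
```

Run it against a real dropped file with `upx_indicators(open(path, "rb").read())`; a hit on the magic alone usually means a renamed-section build, which is exactly the "modified UPX" case the signature text mentions.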

Processes

  • C:\Users\Admin\AppData\Local\Temp\baabc827a9d4e7a674e1362562a248f6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\baabc827a9d4e7a674e1362562a248f6_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4468
      Note: the genuine services.exe is C:\Windows\System32\services.exe, is started by wininit.exe and is never registered under a Run key. This one is the 8KB file dropped into the Windows root (listed under Downloads) and launched by the Temp executable: Match Legitimate Name or Location, T1036.005.
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4584

    Network

    MITRE ATT&CK Matrix (ATT&CK v13)

    Persistence
      • Boot or Logon Autostart Execution (T1547): 1
        • Registry Run Keys / Startup Folder (T1547.001): 1

    Privilege Escalation
      • Boot or Logon Autostart Execution (T1547): 1
        • Registry Run Keys / Startup Folder (T1547.001): 1

    Defense Evasion
      • Modify Registry (T1112): 1

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\search[8].htm
      Filesize

      132KB

      MD5

      40b1e13238e5925b25c1180d3fe8ab33

      SHA1

      27548db79f5e244419f20d0584f2398bc363e010

      SHA256

      2087eea9e22b9e24828c7524de9706c2800dc0d4317ef05cdd6d15dc9bc2ba46

      SHA512

      0647bfe40b9df2f86639a94063a8c7b1d9a0d8e027fc0fe9bc4268aeec19b13ab04d7f308ac449ceb3c9514fe3b6a024ab835c9e2a1134d9ae4a3c90cf5d7bd3

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search11BTANAY.htm
      Filesize

      115KB

      MD5

      8fdc1aed8055b45fd725887ee8235e1e

      SHA1

      7094a5486b3b6eddd8f25fb9e36393c0571f07d9

      SHA256

      64fbafae4f0a5e84715041c70e19722c3371d0b87e5471bab04eb23dac2cddf8

      SHA512

      d2f588e8227a9ff6f979c2e6b715b296d391a853fe22922d94a104ef5aa47e81178587d01592822e56cb13baa197779775eedc2265d0a22ca7a4a42061107a74

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\searchOE6UIY3D.htm
      Filesize

      157KB

      MD5

      c9a78a86059242ae9b1b705001961e33

      SHA1

      a2a992f6e1cf6603c860cc2ef532b092d373420f

      SHA256

      64d4cefee42c8c840b1c92170a945471619e2ff0126f442dc7e8cf15a9b5025d

      SHA512

      102b65013db8e47e0f7b2b0dbe1c073f0b1ed96379dd9df4de29a129aff30188f5b42493cf2913838dd90682d0e69178bc7b6c8caf29f4116eb1ef3f1dc20a46

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[2].htm
      Filesize

      25B

      MD5

      8ba61a16b71609a08bfa35bc213fce49

      SHA1

      8374dddcc6b2ede14b0ea00a5870a11b57ced33f

      SHA256

      6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

      SHA512

      5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\MXVY0QD9.htm
      Filesize

      175KB

      MD5

      f7a9ff728961f3f5d957a64e48af5954

      SHA1

      925879cd22d9c70d27157112eff581ca1b0a0d8a

      SHA256

      8447d08e3f4f481d14873a3fa3160b790dd657435a8abe2296d6dd3e5f206d53

      SHA512

      3bdb6d334878053cd59f9fc0f57f8c271cec981db275745b6ba8d98a3e678c88073fbd6c16351f68bdc79e9be35429202c6dc9f15d53bf793bb0d4a415368277

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\default[3].htm
      Filesize

      312B

      MD5

      c15952329e9cd008b41f979b6c76b9a2

      SHA1

      53c58cc742b5a0273df8d01ba2779a979c1ff967

      SHA256

      5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

      SHA512

      6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\results[1].htm
      Filesize

      1KB

      MD5

      35a826c9d92a048812533924ecc2d036

      SHA1

      cc2d0c7849ea5f36532958d31a823e95de787d93

      SHA256

      0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea

      SHA512

      fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchB34UO363.htm
      Filesize

      134KB

      MD5

      ff238e04c63337f6eca881b4e80376bf

      SHA1

      6e54095d62f59c387659d8f4f5f77fadd19a1cb0

      SHA256

      6ffe5f464bfe4c2a48e111f7c8aad8f018cac1c44ddeec64fe6fc7c9b364f59d

      SHA512

      88aa5983c42f560212511e08dbe1767f0039cf1cf74071c895cf4a38660a842c7ad22a01c72428c20762601b4ca602d45a4bdbd8ae76efa15129bd2aadecb0ac

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchE8WTUKAP.htm
      Filesize

      141KB

      MD5

      b93622547bd84870daa91062f827e2c6

      SHA1

      bb065077e2800fc2e063f26bb4a5cbd1d9058cc7

      SHA256

      35fda38e7f7ea0d20fb13d74b89e08add1e6ae70fc5598bf0d4336a4a409ea13

      SHA512

      bb7025faac22b775d9e6d7598e7d1786b8eadaafee751362a185ba12f6a36093769643275c47fa15478e0ab46c35c75aafec4cc64cc3c7daf25742477b613f34

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchJYK1E8M5.htm
      Filesize

      166KB

      MD5

      f2ce3981300ee41d33bb96aef8024734

      SHA1

      c6347382412ef1d33968dc0632efd11ec5095fe4

      SHA256

      f4c3df8dc34a017be8707c4a4915b6f2fb26c5956bd769ed24f99ffda13d6d28

      SHA512

      d5de9fced210531426114a1bc7a076953626fcbf36e1dd26cee2fd6f3e6b60379ce6a2c7e3393cf1b0541aa735b5c3ebf8b3cc13ce57339033a3f14de01c24eb

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[3].htm
      Filesize

      151KB

      MD5

      d0ff251eb7a6e2b0a0885af103185831

      SHA1

      fbca03b824a1a29225f558ddc5b05880bc6946c7

      SHA256

      f840d54485cc1fc63d31d7cbbbd19b8ae3aa9611e0fb84a972830b97f89055a7

      SHA512

      a319ab30eb60663d9bb17e351c171d84f188df1cd7755871bdefc9191162761ae2ab09b136fa9bec856810a61027225cf3f1f245068314f8eb4a311feee021a5

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[4].htm
      Filesize

      151KB

      MD5

      fe053c0abf23a0555cb6f50976154ce1

      SHA1

      846b6da2498e2aa4ad384a5741eae217d8a4781a

      SHA256

      0969f2c4460248d9770d0a0d6513d38ee3fc1b52e683632f3741ea81a49ba6c5

      SHA512

      1d078ebdd23e5d5ccaff0d8f0124d59cd481d54319a6e7853531156bf9598e8a7354270a2777bf6df51cba86c467bbcde59d15633521dfc57a392943fe52498e

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[7].htm
      Filesize

      137KB

      MD5

      a0408b0026189c5268f236e173c86ca1

      SHA1

      ffa78cb8b92699e46bd3fdb18e129a5c79f00c68

      SHA256

      f78b04d12aec092942207733d1f556e1be2bc6c258bf8ef0853e1600d2230231

      SHA512

      5612e781b320323b40bf662fcf26133c89aaa40ad667a4d4c7cc27957955a1eea2cd5f8686682bbe886075f3176edc2c0d7853f32b82321b56c2f9b9c7eca3f6

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\results[2].htm
      Filesize

      1KB

      MD5

      ee4aed56584bf64c08683064e422b722

      SHA1

      45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

      SHA256

      a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

      SHA512

      058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\results[4].htm
      Filesize

      1KB

      MD5

      211da0345fa466aa8dbde830c83c19f8

      SHA1

      779ece4d54a099274b2814a9780000ba49af1b81

      SHA256

      aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

      SHA512

      37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\searchC89RPSEQ.htm
      Filesize

      167KB

      MD5

      791dff28c78131a7678d142c61da0427

      SHA1

      882ad84afc4565adc76f51b0be4ddff032775df6

      SHA256

      592b54b4bd8dc0b81e8afcff7ffbb128adf4c1bd298739da54df8070ef29be2f

      SHA512

      61401bc63ef7eab48185dbc0e1d7c285ece0d6881c9574237d4224513418052754d3a0fc6349756b5aeba38720a1f30850ac57d7b87327f60bdb1577be4f331a

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search[1].htm
      Filesize

      170KB

      MD5

      5fbd90759ec414ba91e058d8bfceb27d

      SHA1

      a35aa8965cff3781870dd5cd9881b15aac08c71d

      SHA256

      efea3bb16b6064ad82184075bb709e283f95d400ff66554982b9f2af4b40edd5

      SHA512

      f93ef4905cb90ff6fc3de361f79875e50a1e92ecde212c21799f7b99cfcbba6e735880c485f863dc7ec8f52e77f0affddfbdc99f33b98cd8d0ad24b6ed7ad303

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search[9].htm
      Filesize

      112KB

      MD5

      b2abf7415c3feafce5703225c94d52a5

      SHA1

      410499662d7237c260ee567c7d1392189c9b5d6f

      SHA256

      e3c7ba7c73240839a83c81b6aa882bc06fb280f09a6216aaf9b9b41474616cc2

      SHA512

      2689c3f2c30b00d7ab2623496bea66cb057f0903475f2934c0fb9d14c86804fa164465e25b3ed7ab55857a893cfd20bed0ec3daaf6cb726fc21441d3376ee7c5

    • C:\Users\Admin\AppData\Local\Temp\ngnckogk.log
      Filesize

      1KB

      MD5

      700cbade37758b68717fc1ed72bef7f4

      SHA1

      11264c9432884b38e2cb2fba76dca321d8015ce9

      SHA256

      5f302a82eaf0de55813a41a0458ba409424bf6b66e3bc51574bb9ee91ffa03f0

      SHA512

      1f0a2b1fcd89a9ff78725c7e094d7c9726ad15c941a805c5d76e7c1bf5f089b2796b44c9092d41fbea41a57f73de9c5dcf98c16c48a0191433eedf6d042146d8

    • C:\Users\Admin\AppData\Local\Temp\tmp59B1.tmp
      Filesize

      40KB

      MD5

      2f123807423494114ba80f352f9680c3

      SHA1

      c2868428a31d666427e5e0d84f23307588f540c9

      SHA256

      8b649e89923be435f5094c175d93636bebc9db6b34b6914ed40079920d629461

      SHA512

      921bbf6711e49df18bc2f0d5e56e7b4c1821819fa02a840c967439356669852498b872bace56bee3e853548913e2d9396c4c2ed0c22415040aa30f580f74cc35

    • C:\Users\Admin\AppData\Local\Temp\tmp5B91.tmp
      Filesize

      40KB

      MD5

      8f40dfb45f652cc28b1c307f55c6629a

      SHA1

      920d5e54cc07d175fc3f917fa44f80d225d2c613

      SHA256

      a1b9eecb96645ca1e9c709bbebf87106328887a6060ad22f92e47a1e6799d3d7

      SHA512

      252c92b8c3e5e8ff2ba8dc8c8edb3b6b1c6e6d77560551e21b2e17b36812577739c70ce9b3f8cddc333f8fae787179a73ba18c04eccb62b57a15c7aa3d9b16bc

    • C:\Users\Admin\AppData\Local\Temp\zincite.log
      Filesize

      1KB

      MD5

      d8f92b8c0cea2ce31ea6a60766528ecf

      SHA1

      5404cdc70c686cffb00c2d174c59e6b6ffba69fe

      SHA256

      0f15236c503d744637aeb96a7ed90862376548327afedacb2378818d20f17d73

      SHA512

      991df40da2622f2a4d9dc02b0a20d4b1d6d4ee07dd8c5785fa5193a8e1692d692e26dcfe6360792f3fd36a4b456aef371d5b3b8cdf44a3c70c7de8c581f8f33d

    • C:\Users\Admin\AppData\Local\Temp\zincite.log
      Filesize

      1KB

      MD5

      1da89ba450ac44fdf55f9f08002dcd79

      SHA1

      2e3648c17c1b64a22a65e7e13a87db79cb6ea1a2

      SHA256

      9f9f433f93f4a12d213aa63946b4fc4e7f18b94f7fb9cf983c25c7fbf76909f0

      SHA512

      20cba0cf76c4f2e228e30bcfd1c46d5610c0d45150bff13f6cfb5eac89eda8d6f456dca4d22d7b3701f8007693d2348eb326debe8548881dadec850fd39e4a33

    • C:\Users\Admin\AppData\Local\Temp\zincite.log
      Filesize

      1KB

      MD5

      16d875e92cf51ec46ed3076a7ca0dd76

      SHA1

      3e4e341fc2dee861e5d68624961a4d1d29f18d83

      SHA256

      4a5771ac63ffc8cbd73b61c20ee04414e6e61d27761b85829639b9235d40a2d2

      SHA512

      647368b1e35a3c5054644855744218584dcdf29b629ad97b481c3216ffaa1f21451168c567c4f344b8a5024e8b54d136259c94c3dfbbc24d8831e57b2414f199

    • C:\Users\Admin\AppData\Local\Temp\zincite.log
      Filesize

      1KB

      MD5

      fce7c8e9d8172d518297ee98f2a63ac0

      SHA1

      e3de8c615f68d0509ce13728e0538d8ba2178b60

      SHA256

      596bd4a03ed5c013ff7b576802047dd3ab76f5faf72b5e88c0ba7ea2efa3bf84

      SHA512

      495c3dbbc1fe31bc5ce646f8c257930cf9b15d78951a51b851d576be39b60c5e4f9563ed4226c1aa1d593aad9da92da9926215e5597ff913a60454efdc25301b

    • C:\Users\Admin\AppData\Local\Temp\zincite.log
      Filesize

      0B (the MD5/SHA1/SHA256/SHA512 below are the digests of empty input, so the log was empty at this snapshot)

      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    • C:\Windows\services.exe
      Filesize

      8KB

      MD5

      b0fe74719b1b647e2056641931907f4a

      SHA1

      e858c206d2d1542a79936cb00d85da853bfc95e2

      SHA256

      bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

      SHA512

      9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    • memory/2420-0-0x0000000000500000-0x000000000050D000-memory.dmp
      Filesize

      52KB

    • memory/4468-{5,13,17,18,22,26,30,31,121,296,317,320,356,529}-0x0000000000400000-0x0000000000408000-memory.dmp
      Filesize

      32KB each (14 snapshots of the same 0x400000-0x408000 image region of PID 4468, taken at the listed snapshot numbers)
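
The dropped-file list above is a hash IoC set, and one entry in it is a trap: the zincite.log snapshot whose SHA256 is e3b0c442... is the digest of empty input, so a sweep that loads the list verbatim will flag every zero-byte file on the host. The block below is an added host-sweep helper, not tooling from the report: the SHA256 values are copied from the entries above (the submitted sample plus the three dropped files a responder would look for), the filtering step drops the empty-file digest, and the directory it scans is constructed in a temporary folder.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# SHA256 values copied from the report above (path or description -> hash).
DROPPED_FILE_IOCS: Dict[str, str] = {
    "submitted sample baabc827a9d4e7a674e1362562a248f6_JaffaCakes118.exe":
        "070221e4d974513c55b421f7555e0ed8ad918ef371d0fa3b82eb53d69d5cdce2",
    r"C:\Windows\services.exe":
        "bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c",
    r"C:\Users\Admin\AppData\Local\Temp\tmp59B1.tmp":
        "8b649e89923be435f5094c175d93636bebc9db6b34b6914ed40079920d629461",
    r"C:\Users\Admin\AppData\Local\Temp\tmp5B91.tmp":
        "a1b9eecb96645ca1e9c709bbebf87106328887a6060ad22f92e47a1e6799d3d7",
    r"C:\Users\Admin\AppData\Local\Temp\zincite.log":
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def usable_iocs(iocs: Dict[str, str]) -> Dict[str, str]:
    """Invert to {sha256: path} and drop digests of empty input, which would
    match any zero-byte file and are useless as indicators."""
    return {h: p for p, h in iocs.items() if h != EMPTY_SHA256}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root: Path, hashes: Dict[str, str]) -> List[Tuple[str, str]]:
    """Hash every regular file under root; return (local_path, report_entry) matches."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file():
                digest = sha256_file(p)
                if digest in hashes:
                    hits.append((str(p), hashes[digest]))
    return hits


def demo() -> Tuple[int, int]:
    """Constructed host: one empty zincite.log and one unrelated file.
    Returns match counts with the raw list and with the filtered list."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "zincite.log").write_bytes(b"")                       # constructed, empty
        (root / "notes.txt").write_bytes(b"constructed unrelated content\n")
        raw = {h: p for p, h in DROPPED_FILE_IOCS.items()}
        return len(sweep(root, raw)), len(sweep(root, usable_iocs(DROPPED_FILE_IOCS)))


if __name__ == "__main__":
    print("raw vs filtered matches:", demo())
```

Point `sweep(Path(r"C:\"), usable_iocs(DROPPED_FILE_IOCS))` at a mounted image or a live system; a hit on the services.exe digest outside System32 is a confirmed drop, while the other zincite.log snapshots (1KB, differing digests) show the log content changes per run and is not a stable indicator either.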