ea2616043f9724d12c47b158e32f51e608ddceca1f33cc2b7269d3417ea2536e

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

657dd392321515849337a969bd98afc6_JaffaCakes118.exe
Size

28KB
MD5

657dd392321515849337a969bd98afc6
SHA1

3f9d6c13eb51ea385f58bff1cbcab7ef2c56dd68
SHA256

ea2616043f9724d12c47b158e32f51e608ddceca1f33cc2b7269d3417ea2536e
SHA512

c1a6f8f71465c74f1ded063084d19f80effeffc24d3c1159ea4223f6be56d7d21e2e000c9c6a180993dec83ccea058a7c95dd9c8a1b944cafcb70934047108d7
SSDEEP

384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNos8:Dv8IRRdsxq1DjJcqfq8

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3584	services.exe

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3148-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/files/0x0007000000023431-4.dat	upx
behavioral2/memory/3584-7-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-13-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-14-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3584-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3584-24-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3584-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3584-31-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-35-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-36-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-37-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-38-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/files/0x000500000001e740-54.dat	upx
behavioral2/memory/3148-208-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-209-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-212-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-213-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3584-215-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-219-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-220-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-312-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-313-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-433-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-434-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3148-599-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3584-600-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	657dd392321515849337a969bd98afc6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	657dd392321515849337a969bd98afc6_JaffaCakes118.exe
File opened for modification	C:\Windows\java.exe	657dd392321515849337a969bd98afc6_JaffaCakes118.exe
File created	C:\Windows\java.exe	657dd392321515849337a969bd98afc6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 3584	3148	657dd392321515849337a969bd98afc6_JaffaCakes118.exe	84
PID 3148 wrote to memory of 3584	3148	657dd392321515849337a969bd98afc6_JaffaCakes118.exe	84
PID 3148 wrote to memory of 3584	3148	657dd392321515849337a969bd98afc6_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\657dd392321515849337a969bd98afc6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\657dd392321515849337a969bd98afc6_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CWF229A2\AI4OZA1H.htm

Filesize
175KB

MD5
e25c2e1fc741ae3685f034fc3761f1d5

SHA1
7f89c3f0ca592eceb8bef7a66d9a4a98ac5cd05a

SHA256
0db5c3a511a82d22b04019e6526511d49811aa9d208edb915997f2b9badba587

SHA512
84e7365294fdcb89387a40e7e14cec1cc6d8b942d24c6718da755bf94fc2a371fb75da874a2dc23ddbc1b469d8076825136b4a5cd9694aa51a089eeba3b52295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CWF229A2\default[1].htm

Filesize
312B

MD5
c15952329e9cd008b41f979b6c76b9a2

SHA1
53c58cc742b5a0273df8d01ba2779a979c1ff967

SHA256
5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

SHA512
6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CWF229A2\results[4].htm

Filesize
1KB

MD5
ee4aed56584bf64c08683064e422b722

SHA1
45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

SHA256
a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

SHA512
058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CWF229A2\search[8].htm

Filesize
158KB

MD5
30180bbeff4adab6ededbd766d179c8e

SHA1
55411e81915870d654070043089ca40d1fe106f8

SHA256
92b23741879d80a8baa1d1caf05aad0c7f2a58321c786071d75bae32128eb09c

SHA512
d750e4f0540dd3bcd566a42e0acca00a1a7d2aafa41e0653222e51f7865a7ab14f77591212f43a51f937861654a6c02f4b9e9a7273293b95a26b92c69705e619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CWF229A2\search[9].htm

Filesize
120KB

MD5
9e3437b0aa2936fadbb4e5b1f4083805

SHA1
0511dd47744573a7b8a96725f1e256c4c90a0dce

SHA256
e77faf1175b4ca0ce90d1b36047f581481e17da1504ecd397ed3635de94706ae

SHA512
6d639521177a6a132404efe0793cf99d610e3b3e4ccf3c002d77e804850ada00802990135aad3b8e5410628f1eee81e64fb9df17b75a0c88261baebaae47dfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FMLLHXYA\NJWT7VOS.htm

Filesize
175KB

MD5
b41588d09f9a56c9c66520383929e772

SHA1
a21586384bd77427e9492f1bc9aa430326a0f8e5

SHA256
ddad337e2551ef5fa21ea305bc9f71186cf7930827853a33305631aee1b31ae7

SHA512
2dfe7b8c5dd8ba7bf8cd1992d57c384ce8fe38cc796824a9fb8e50fab450fe0a87f4e98fe6e7b614777f87cde917d7c734d8119f08f1f86e299002020ee4a316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FMLLHXYA\searchH38MKUF5.htm

Filesize
145KB

MD5
e8eea47b50b341d153939f6670515675

SHA1
e046f1d863242d5fb2d0053628663303e8020661

SHA256
bc4a911b18278a129100ac3eb13daac3b014ca52b9b98ff9cdbd70922a57c14b

SHA512
b6a92daa585c227c4fa39f6fc9c8112e3b772fd5d18060862ad2ff9c6a77f25e055294a4d24ea3a7c3e852bf69433b2e5724f24608e36c6818425ab9daee034f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FMLLHXYA\searchTN4M589X.htm

Filesize
121KB

MD5
8a4687a4a6bb74a18d60be50a452b3ed

SHA1
60aaea6e6ec498fd56bc173b4553830edad7da20

SHA256
6d5c0327527503248226385a88e7c8546531a75b13c07d51ef2e76fd38dfd95c

SHA512
e48f48712454dcc89507a0c1e977c5c3c5c63ebc634d03ae6caaed3ee1afc25011bb70b299a653b2fe78eeca83cffff78e737449b59462bdbdcdecbe266f7c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FMLLHXYA\search[10].htm

Filesize
138KB

MD5
b3c3be59dc0e25207e31a11b17079f53

SHA1
fb2d83d4249c5f8af638c3443a44be156c957c99

SHA256
dd24ab14edc38ab9b6b7c736fa96b9b288aa864d04d351447b2993274e302289

SHA512
704354c8bd71964212ae92e9d73aad8e8c5fa2cdf2e9d555507ed07d14cacc9efe6da66f86f9e5713dae9f118018ad7b20689b1c9f519bb300fb17a2fcceaa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCRJMNF7\results[4].htm

Filesize
1KB

MD5
211da0345fa466aa8dbde830c83c19f8

SHA1
779ece4d54a099274b2814a9780000ba49af1b81

SHA256
aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

SHA512
37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCRJMNF7\searchU7L1WPDE.htm

Filesize
120KB

MD5
efdac7e340833187c46990dbcfa260c6

SHA1
5c74477d830e2ec5ade43efa30a7e5729f9528a9

SHA256
1b9cc544f540370bafda68b384666429b618376e23beac070a233273d7e53621

SHA512
6ec869c0ede8edc9b473248faa57b2196f96dfad7a342d0d60b6581fe0f963c5bfa410993fdaa91c03b94cb5be8b713d8c055626aa2066678a3f417c8634b488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCRJMNF7\searchZ5MVJ0LU.htm

Filesize
115KB

MD5
ad4d9462915f3d71fdc94c49ca1e1fb1

SHA1
029b3f3934fc89e49aa19bc5768c71a5281d2a10

SHA256
82663df69575df9396c957966774ddf2fa882e89e6646e993cce9e793c4d5a6a

SHA512
fab87853e2b0476647219a232b164c634227a104a1dccd58ff75bb01fb6f53faba6993460109b8302a6b2eda553b0eed69465c752deb0b4888b9fc33a97a4f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCRJMNF7\search[4].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCRJMNF7\search[7].htm

Filesize
149KB

MD5
b26befa8711f6ba14fbe6a77a693bb4a

SHA1
21c61b9b67f0e215b5191720b0d6c3dd0bd576e6

SHA256
2e90e4393ad3fb99ee7c0412c9a6484a92be8f3ccfd3c39dbedabf85bfc0d38c

SHA512
679476b046c3df86654e38c173a2b95143bec2f93dd931c124b7cd8cf31365662b65c42b653ce070e5573c4ab9d79d27ee8d94a0e25e569f644918c4b3014694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q90VG4IN\searchF6XJL7JW.htm

Filesize
114KB

MD5
c327e5b94d3b8fe9d3d1806d0768f838

SHA1
c97e6716bda1b80c3575f24d760a453f43d7af59

SHA256
2e677693ac866731c3a8e78beed255a9b6c98c50786b3956db33ea6906d22260

SHA512
42ca65cc68e6e8e320b9fba1032ea295c8db00e08030dbb9b664cb9f8933e285582f61657a4648f18ecf6c4d26d8b20adfca2fc9379f5227d29f02b214febf15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q90VG4IN\searchN6TDRZYL.htm

Filesize
142KB

MD5
a8f4cf71a7c4f1445bc23a79c2727062

SHA1
00af5362532d74a67bf50459b13f1a8e119e3cb9

SHA256
34a19e0317abc59ea2667c1cfa2f89fc2ddb759b9468215846d1e14c575f237b

SHA512
af5177a751e7e213509c8ff584335613e874e187256796ebc275a73aee156f849e77c0f867573faaf1fb0bba1c81e5797becbdbe23667d4df18e51857d810253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q90VG4IN\search[2].htm

Filesize
103KB

MD5
deb5cedf622095230e854d89830ecc7a

SHA1
d1f59fed90b262dad1c789cb10020fb561c59d34

SHA256
813660c5222cc2502276443ea6f81244eaf531f51f4feb57eb23c44284f9705d

SHA512
c2a02d62bd8f9f0fe47843b9d9f1b1fdcbcee648e3cc3b6560d5da18b7309946f3bdef31c486b23254a02e474ad945fb78637f4a0b75ef051598e4aeac564a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q90VG4IN\search[7].htm

Filesize
169KB

MD5
6afb4bae67f39bfcf335ba09d7b86717

SHA1
3888d29c5969930305d7cfe0bbed97d68bf9195f

SHA256
9a121d5777c8fbe07dfb64246c3a547fd68983aa376cb4e0a01ffe398b7aa0a9

SHA512
1d65bb85be48d7c4419706ef20fc66f1afec18ab92486942c91f94d42f9afcf166a30dfe8807c4656ab307f06a374501e2ed68e945d823dd4745a84184962e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC14A.tmp

Filesize
28KB

MD5
42a0dd6e1d4c1c5b630cc17c916096ee

SHA1
04ca21b7a34ab54100384f4a57e7c54e05c47f86

SHA256
774de43ee8140b9d2dc6a2bd4ad9b4845236c2de168e60db7ab8559782775563

SHA512
5de534b5be25d43f4b62c3c900ebae6c70a1818ffbeb2da0e547083042a740f898805b8362570a588e8df35be184610a922a929545c4ea5872ccc2f42e5303b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
2a949b8b58f23534e2bdac91fbef96cb

SHA1
5c3d9bde9df635be4b731e488a04f2f40551a853

SHA256
0ad2ed3b0a38db14e2571f1addadefff432be5828607956e662b07e7ac922dcb

SHA512
ded7a9f4308cf0f34308f75fcbc2369654cd5bb9680637bd224c9c1e4ea48bb4cacef86a91c6f12d885431412d9e2db0d193e29540e8a86f044cbc730733d927

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
cb71742f1174bb99ccc0e30a769a0ac0

SHA1
170c2fde6a459b02b2141ac1f7d5f294de71df16

SHA256
9d4bf040419261ea028a33bfdb1a4eefd24da836d76e36886bb1cd26b257a9f3

SHA512
e8b2d4cf8956590961471e73c2956197f306902fcc39cfb158a4f99cefa25fe912816716549698017bc4639e0f29eabcd3acfa802d5be0d18289132bb1d54b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
9ecf814dc2867eee18dfeb903ea67f73

SHA1
c60f8531e730b566bb9f95ab14b049cd9e09db09

SHA256
45cfae71de15a2f208abfbb2752e737f9da7a09d0099ee9b83f7eb63399b13d8

SHA512
2a59d0a6bf964c54e2787a08641d7994a6b4f22687b43f46c3535612bffc0e214319bbf9b698c8a1cf20c475ac8611a60995315d56250865c5020574bc9f2859

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/3148-599-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-219-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-212-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-208-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-37-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-312-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-433-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-35-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3148-13-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3584-215-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-313-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-434-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-220-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-213-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-209-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-38-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-36-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-31-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-600-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3584-7-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads