Overview

Score: 7

Task                     Platform             Score
Static                   static               3
02b8abad47...18.exe      windows7-x64         7
02b8abad47...18.exe      windows10-2004-x64   7
$0/uninstall.exe         windows7-x64         7
$0/uninstall.exe         windows10-2004-x64   7
$PLUGINSDI...ns.dll      windows7-x64         3
$PLUGINSDI...ns.dll      windows10-2004-x64   3
$PLUGINSDI...em.dll      windows7-x64         3
$PLUGINSDI...em.dll      windows10-2004-x64   3
$0/zwankysearch.dll      windows7-x64         1
$0/zwankysearch.dll      windows10-2004-x64   1
$0/zwankysearch.exe      windows7-x64         1
$0/zwankysearch.exe      windows10-2004-x64   1
$PLUGINSDI...ns.dll      windows7-x64         3
$PLUGINSDI...ns.dll      windows10-2004-x64   3
$PLUGINSDI...em.dll      windows7-x64         3
$PLUGINSDI...em.dll      windows10-2004-x64   3

Analysis
- max time kernel: 140s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/06/2024, 04:14
Static task: static1

Behavioral tasks
Task           Sample                                              Resource
behavioral1    02b8abad471036589e86b8b94d98a345_JaffaCakes118.exe  win7-20240508-en
behavioral2    02b8abad471036589e86b8b94d98a345_JaffaCakes118.exe  win10v2004-20240508-en
behavioral3    $0/uninstall.exe                                    win7-20240611-en
behavioral4    $0/uninstall.exe                                    win10v2004-20240226-en
behavioral5    $PLUGINSDIR/InstallOptions.dll                      win7-20240221-en
behavioral6    $PLUGINSDIR/InstallOptions.dll                      win10v2004-20240508-en
behavioral7    $PLUGINSDIR/System.dll                              win7-20231129-en
behavioral8    $PLUGINSDIR/System.dll                              win10v2004-20240611-en
behavioral9    $0/zwankysearch.dll                                 win7-20240508-en
behavioral10   $0/zwankysearch.dll                                 win10v2004-20240508-en
behavioral11   $0/zwankysearch.exe                                 win7-20240611-en
behavioral12   $0/zwankysearch.exe                                 win10v2004-20240508-en
behavioral13   $PLUGINSDIR/InstallOptions.dll                      win7-20240220-en
behavioral14   $PLUGINSDIR/InstallOptions.dll                      win10v2004-20240611-en
behavioral15   $PLUGINSDIR/System.dll                              win7-20240220-en
behavioral16   $PLUGINSDIR/System.dll                              win10v2004-20240508-en
General
- Target: $0/uninstall.exe
- Size: 83KB
- MD5: 26d12a09fd0b7b3e32e93355a3a110af
- SHA1: 1e1e8772d579ae03fd6f35a7b95fe6fd384cf5a1
- SHA256: 82a1fe8e22e3e3ccb149d5bdcc8cbfec18d89dd9277b909e725faed309165487
- SHA512: 524df1ec0ad2980236601fa1abfd30451f4d3eac681ad50d12ad9b981f5c75ff7b0dab0541ad269edb5e4e653088635acb1522f1c2d8bd0816db0be11901aa56
- SSDEEP: 1536:WEkjY1zy214Qay0DGkJ7qAELVigJ83ZKRcpw/1q792sX7Ia12/DCJ:9kjAJ4dDGkJ+AI0vcuo1qRka0/s
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid    Process
  3640   Au_.exe
- Loads dropped DLL (2 IoCs)
  pid    Process
  3640   Au_.exe
  3640   Au_.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- NSIS installer (1 IoC)
  resource                                     yara_rule
  behavioral4/files/0x0007000000023269-3.dat   nsis_installer_1
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid    Process         procid_target
  PID 2112 wrote to memory of 3640     2112   uninstall.exe   91
  PID 2112 wrote to memory of 3640     2112   uninstall.exe   91
  PID 2112 wrote to memory of 3640     2112   uninstall.exe   91
Processes
- C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe"
  PID: 2112
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$0\
    PID: 3640
    - Executes dropped EXE
    - Loads dropped DLL
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
  PID: 3672
Network
MITRE ATT&CK Enterprise v15
Downloads