Analysis

  • max time kernel
    145s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2024, 17:55

General

  • Target

    029677a4a25f1f4d29223b989d2ac488_JaffaCakes118.exe

  • Size

    652KB

  • MD5

    029677a4a25f1f4d29223b989d2ac488

  • SHA1

    40a0cf5525ec0714870774da57e3a7e434040f87

  • SHA256

    b74202b42da26bced2ad73bc73b96faa8da54d1ea2049e4083f54b7b2a3348ca

  • SHA512

    06451d4298ffd4e6a5a10c6310fd80c5af11c2430e0b7a0d251b5fb7da90baa32cf6d9b44cbe21574decc8badc2b9cd0fec2585bdcc7d2f3db80d83f695576f0

  • SSDEEP

    12288:RfsJqbYp6TkQ3ykusestdhzgC7LP6BUQOVAJDSMEbQ5AFH/l:RE6Yp6TkQ3ykQwfz5LCGI1E4Ald

Score
7/10

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 1 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\029677a4a25f1f4d29223b989d2ac488_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\029677a4a25f1f4d29223b989d2ac488_JaffaCakes118.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID: 2112
    • C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.exe
      "C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.exe" "C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.dll" 1120000083
      • Executes dropped EXE
      PID: 2776
    • C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.exe
      "C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.exe" "C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.dll" kadisuzude "" wajiwato
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID: 2684
  • C:\ProgramData\ResultBrowser\resultbrowser131.exe
    "C:\ProgramData\ResultBrowser\resultbrowser131.exe" "C:\Program Files (x86)\ResultBrowser\resultbrowser.dll" cabawaji oxulalufir
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID: 2768
    • C:\Program Files (x86)\ResultBrowser\resultbrowser.exe
      "C:\Program Files (x86)\ResultBrowser\resultbrowser.exe" "C:\Program Files (x86)\ResultBrowser\resultbrowser.dll" unizemofoy juyudusah
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID: 3020

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.dll

    Filesize

    560KB

    MD5

    6391c141e66f239b3795982dfa0248cb

    SHA1

    000a405e16ced32045ef4bd0e49641ad29355a09

    SHA256

    279af38f8e030b42b144acbf818ea0ac8e0c4fa8e040954312b60eb09b88a34f

    SHA512

    c0a25af94a97645968fe7022cefed71b84110d4c7a8ab489162eee57b0cd2b5118aa2f4bbd101569643797ed79d793476953338409d50ac87889431db528bb8d

  • C:\Users\Admin\AppData\Local\Temp\nsjFA39.tmp\uninstall.exe

    Filesize

    83KB

    MD5

    d90e0c54ddcc23cfc75e32579cc56c70

    SHA1

    83909c3ad775bac6210d4431b3f03e9229ca9877

    SHA256

    8274bcdae8b130f8580abeab448d44eff756d0929a5ee3b88ff400db9bb8b806

    SHA512

    548835b3e11e919d2092fef763b093df0cf879a0964eb0a65b98a753971ab708d65c1a48b7129a63a5c8bd15f40c846be01e0b5899bdbf9ebb977056ee797cfa

  • \Users\Admin\AppData\Local\Temp\nsjFA39.tmp\resultbrowser.exe

    Filesize

    44KB

    MD5

    3b6e1efd41843ab6a5237246494a2fa3

    SHA1

    6c1d8133cc9f5bd33264eea622bcc2c689c0c159

    SHA256

    560c95d0c5550c1000d5b42c3a3062ad15a6caceaa9329e66c4f2dae92af9708

    SHA512

    7c1d28640ed27d7edc7756872022f1fbff137a800755704281cc29655fc890da518c6f242894ba20d4d943bfe42a7cc719ec7de70d531fc434ce2def25d0bdb5

  • memory/2684-26-0x0000000000260000-0x00000000002E2000-memory.dmp

    Filesize

    520KB

  • memory/2768-37-0x0000000000220000-0x00000000002A2000-memory.dmp

    Filesize

    520KB