Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/10/2024, 13:11

General

  • Target

    05f1dff7caf9c647d9ef63444159b39e_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    05f1dff7caf9c647d9ef63444159b39e

  • SHA1

    d2ecfac8a41d3ba8210be8c8969ca9c0e21b4deb

  • SHA256

    674ebf7a76f7527e4a7db25043a867c5226592353fa04a5c5043b5fb18c8c9c9

  • SHA512

    2795cb32918968f768fb19d6119a83158ffaf677c6b28b300e64c2d12121f4bca735c2baec8b3812e3b2261358f95a029c31e8e4f2d67d76e16d1dd7d4f82e1b

  • SSDEEP

    24576:pI62UieZ6Ww/Fv/jEuBtwxebMHm/OPvToM6FELc9NVwR9DrxmT:y62LW6PoIbUm2Pv0M6F4c9/wbrxA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05f1dff7caf9c647d9ef63444159b39e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\05f1dff7caf9c647d9ef63444159b39e_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3008

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsyB434.tmp\ioSpecial.ini

          Filesize

          760B

          MD5

          1f8f1701670692e311d54add50c65bbe

          SHA1

          7dc222d41970b5dc7c81e4d6158f1e18429231d9

          SHA256

          bc417759264af0203721d2f8391f4c653e752fe9e3b50b5e2f5f3ec3052d54b2

          SHA512

          37e5264be537a6197d31978ce4ab0dc2dc2c1451be585ff67320be83bc1c7caaa31d583d4cb6e9edf18526edccd77aa5c0cc1f32bb2a1683fb528cdd22ea72b0

        • \Users\Admin\AppData\Local\Temp\nsyB434.tmp\InstallOptions.dll

          Filesize

          13KB

          MD5

          d765c492c21689e3d9d61634371fd861

          SHA1

          ac200933671ae52c9d5544d0e2e8e9144d286c83

          SHA256

          551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

          SHA512

          9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

        • \Users\Admin\AppData\Local\Temp\nsyB434.tmp\System.dll

          Filesize

          10KB

          MD5

          fe24766ba314f620d57d0cf7339103c0

          SHA1

          8641545f03f03ff07485d6ec4d7b41cbb898c269

          SHA256

          802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

          SHA512

          60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3
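The three dropped files above share one temporary directory, nsyB434.tmp, whose name is generated per run, so matching that path literally on another host will miss the same installer. The following Python script is an added example, not part of the sandbox report: it takes the SHA256 values listed in the Downloads section as strong indicators, and treats any file under a Temp\ns????.tmp directory (the pattern is generalized from the one path the report shows and is an assumption) as a weaker, path-only indicator. The inventory lines it scans are constructed for illustration.

```python
"""Match a host file inventory against the dropped-file IoCs from this report.

Added example. Strong indicators are the SHA256 values copied from the report's
Downloads section; the NSIS temp-directory regex is an assumption generalized
from the single path (nsyB434.tmp) the report lists.
"""
import re
from dataclasses import dataclass

# SHA256 -> file name, copied from the report. These are the plug-in files the
# installer unpacked; a hash match means the same build of each file was dropped.
REPORT_SHA256 = {
    "bc417759264af0203721d2f8391f4c653e752fe9e3b50b5e2f5f3ec3052d54b2": "ioSpecial.ini",
    "551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc": "InstallOptions.dll",
    "802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd": "System.dll",
}

# ASSUMPTION: NSIS plug-in temp directories look like Temp\ns<letter><4 hex>.tmp\,
# generalized from the nsyB434.tmp path in the report. Matched case-insensitively.
NSIS_TMP_DIR = re.compile(r"\\temp\\ns[a-z][0-9a-f]{4}\.tmp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    path: str
    indicator: str   # "sha256" (strong) or "nsis-temp-path" (weak)
    detail: str


def normalize_path(path: str) -> str:
    """Strip a leading drive letter and lower-case the path.

    The report lists the same directory both as C:\\Users\\... and \\Users\\...,
    so comparisons must not depend on the drive prefix.
    """
    p = path.strip().replace("/", "\\")
    if len(p) >= 2 and p[1] == ":":
        p = p[2:]
    return p.lower()


def match_inventory(lines):
    """Scan 'sha256,path' records and return the indicators that fire.

    A hash match is reported on its own; the path heuristic only fires for
    files whose hash is NOT already a known indicator, so each record yields
    at most one hit.
    """
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sha256, path = line.split(",", 1)
        sha256 = sha256.strip().lower()
        if sha256 in REPORT_SHA256:
            hits.append(Hit(path, "sha256", REPORT_SHA256[sha256]))
        elif NSIS_TMP_DIR.search(normalize_path(path)):
            hits.append(Hit(path, "nsis-temp-path",
                            "unknown file in NSIS plug-in temp directory"))
    return hits


# Constructed sample inventory (not from the report): a different random
# temp-directory name, two files with the report's hashes, one unknown DLL
# in the same kind of directory, and one unrelated file that must not match.
SAMPLE_INVENTORY = [
    "# sha256,path",
    "802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd,"
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\nsq1A2B.tmp\\System.dll",
    "bc417759264af0203721d2f8391f4c653e752fe9e3b50b5e2f5f3ec3052d54b2,"
    "\\Users\\Admin\\AppData\\Local\\Temp\\nsq1A2B.tmp\\ioSpecial.ini",
    "0000000000000000000000000000000000000000000000000000000000000001,"
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\nsq1A2B.tmp\\extra.dll",
    "0000000000000000000000000000000000000000000000000000000000000002,"
    "C:\\Users\\Admin\\Documents\\notes.txt",
]

if __name__ == "__main__":
    for hit in match_inventory(SAMPLE_INVENTORY):
        print(f"{hit.indicator:15} {hit.detail:45} {hit.path}")
```

Treat the two indicator classes differently when triaging: InstallOptions.dll and System.dll are standard NSIS plug-ins that many legitimate installers also unpack into the same kind of directory, so a hash or path hit here confirms an NSIS-built installer ran, not by itself that this particular sample did; corroborate with the parent process name and the behaviours listed under Signatures.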