Overview
overview
7Static
static
70cadb72836...18.exe
windows7-x64
70cadb72836...18.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
7$PLUGINSDI...ll.dll
windows10-2004-x64
7$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$_43_/Modu...oc.dll
windows7-x64
1$_43_/Modu...oc.dll
windows10-2004-x64
1$_43_/Modu...es.dll
windows7-x64
1$_43_/Modu...es.dll
windows10-2004-x64
1$_43_/Modu...ec.dll
windows7-x64
1$_43_/Modu...ec.dll
windows10-2004-x64
1$_43_/RtHelp.exe
windows7-x64
1$_43_/RtHelp.exe
windows10-2004-x64
1$_43_/msvcp110.dll
windows7-x64
3$_43_/msvcp110.dll
windows10-2004-x64
3$_43_/msvcr110.dll
windows7-x64
3$_43_/msvcr110.dll
windows10-2004-x64
3Games Bot.exe
windows7-x64
6Games Bot.exe
windows10-2004-x64
6Modules/7z.dll
windows7-x64
1Modules/7z.dll
windows10-2004-x64
3Modules/CmdProc.dll
windows7-x64
1Modules/CmdProc.dll
windows10-2004-x64
1General
-
Target
0cadb7283676b5ccb15664cd7c7c7d35_JaffaCakes118
-
Size
2.6MB
-
Sample
240501-yfnxmahb59
-
MD5
0cadb7283676b5ccb15664cd7c7c7d35
-
SHA1
9ebadfd53bdbf11df3a91334ad8b4d5ee8674ab6
-
SHA256
7f592372530d3e0174aa18457162b20cb73dfa35374ed379b533d5506f3e735b
-
SHA512
e3ebb587ac4b3a1e0eb093f22b704e4e20b60d6673da126389dafb7cd7b1360fb8a6a05eeb406e825d249cc38693a366b5ab1906add2b80833385ffe4cdf18df
-
SSDEEP
49152:/8MMVHBQlZE7MArHoyDRkQb8CuMeSGO7xLLNPpJ6Qmub1F1ZblhwLRA+asFO6as/:/8MMVHBQFQHph4CutpOlLhBcQDbNZbl+
Behavioral task
behavioral1
Sample
0cadb7283676b5ccb15664cd7c7c7d35_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0cadb7283676b5ccb15664cd7c7c7d35_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UpdHelper.dll
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UpdHelper.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/md5dll.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/md5dll.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
$_43_/Modules/CmlProc.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$_43_/Modules/CmlProc.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
$_43_/Modules/InSes.dll
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
$_43_/Modules/InSes.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
$_43_/Modules/ManXec.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$_43_/Modules/ManXec.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral21
Sample
$_43_/RtHelp.exe
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
$_43_/RtHelp.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
$_43_/msvcp110.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
$_43_/msvcp110.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
$_43_/msvcr110.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
$_43_/msvcr110.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
Games Bot.exe
Resource
win7-20240419-en
Behavioral task
behavioral28
Sample
Games Bot.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
Modules/7z.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Modules/7z.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
Modules/CmdProc.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Modules/CmdProc.dll
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
0cadb7283676b5ccb15664cd7c7c7d35_JaffaCakes118
-
Size
2.6MB
-
MD5
0cadb7283676b5ccb15664cd7c7c7d35
-
SHA1
9ebadfd53bdbf11df3a91334ad8b4d5ee8674ab6
-
SHA256
7f592372530d3e0174aa18457162b20cb73dfa35374ed379b533d5506f3e735b
-
SHA512
e3ebb587ac4b3a1e0eb093f22b704e4e20b60d6673da126389dafb7cd7b1360fb8a6a05eeb406e825d249cc38693a366b5ab1906add2b80833385ffe4cdf18df
-
SSDEEP
49152:/8MMVHBQlZE7MArHoyDRkQb8CuMeSGO7xLLNPpJ6Qmub1F1ZblhwLRA+asFO6as/:/8MMVHBQFQHph4CutpOlLhBcQDbNZbl+
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
$PLUGINSDIR/ShellExecAsUser.dll
-
Size
89KB
-
MD5
42865be4950639e871fed3a55b790d7b
-
SHA1
c6f52d75dec3e215ff0ed3f9ffd4a2e05e3a31c4
-
SHA256
c2c32ec71d26b8b4c451401eea1b00fb110ae6f530301605f8d5f71fb7bd738e
-
SHA512
2bf28f0b39d4b10325b7038b71519819f6923ba11fcbf510c6be2e02291741ec3d79f4be651df9e0fe1ce4227498a1449463407622dfdd924b81e8681fe6bb67
-
SSDEEP
1536:nZUcH87dl2uUVzmk1zaOvSTamTa4Uyf/fhcQYDZZsWjcdojmV/1Boq:2BZlWVzmupvADrymojmV/Eq
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
4206ac12a66dd61b2913f158488db070
-
SHA1
589a65a8f2b40d9e821e47bc66fd5bb3848d6f77
-
SHA256
4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449
-
SHA512
a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67
-
SSDEEP
96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3e6bf00b3ac976122f982ae2aadb1c51
-
SHA1
caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
-
SHA256
4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
-
SHA512
1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
-
SSDEEP
192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score3/10 -
-
-
Target
$PLUGINSDIR/UpdHelper.dll
-
Size
133KB
-
MD5
452ce0b8d77359961b7918cbb98a4dba
-
SHA1
4d14210d41ac4ee0d3644dbdb35822d6bd28c126
-
SHA256
6e5f58aac49eb4662467f301309fc1b85d588fa71ab281dc8cd57b22850ed7e4
-
SHA512
d7300aab2ef365310334ccf7781f9e1d0b38709f3f740ac4267215b1a8bfcf5889ae72a83fa986ea0542622ce348982beaa17b3ee3c10a67e8dab32cb9aa8d7c
-
SSDEEP
1536:zh4urXX51BB1Yha4+Tb9wrCz33zl7e7okmkeIgt2I/j1bE6c+PsWjcdEMh75+8n8:zxXXn1XhwMT90t3MS7EM5+8nxkkC
Score3/10 -
-
-
Target
$PLUGINSDIR/md5dll.dll
-
Size
6KB
-
MD5
7059f133ea2316b9e7e39094a52a8c34
-
SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802
-
SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
-
SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
-
SSDEEP
96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
dbdbf4017ff91c9de328697b5fd2e10a
-
SHA1
b597a5e9a8a0b252770933feed51169b5060a09f
-
SHA256
be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
-
SHA512
3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
-
SSDEEP
96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score3/10 -
-
-
Target
$_43_/Modules/CmlProc.dll
-
Size
84KB
-
MD5
beccdd9df8ec434c9e6eb78fa054363a
-
SHA1
f690c5eab1c1c39f84b19f3525114a2b3937cedb
-
SHA256
6f461ce8c1e47844ed11ec53e08d760fa9340a32b04af207a3976cc7f9dd6cef
-
SHA512
3a6586743f4129c641cb82886225179d218545aebf82546d07f791dbbe270ddb969040fd9a55ad5485678d881e3a3343be27a84ba412d401864edcc581c60f4d
-
SSDEEP
1536:Kc7u8GA++XdTaQHyC3jNrSonmmJVw2M5wQyg5GBx8nU1+vsJnYlwazs0Q5nl3jtE:/zptaQShImMVw2r9Bxv1+vsWlwazs0Q6
Score1/10 -
-
-
Target
$_43_/Modules/InSes.dll
-
Size
37KB
-
MD5
7ad47a04c4bf17d6fec2cb25d6c3d58e
-
SHA1
3e89bb832ad06cf28b64dce60e657edfcc1cc387
-
SHA256
6837d7c7050bc16a35824de09c345b70365a5e7f3dff61ef496ddc03d889b39e
-
SHA512
1ff31b057a940e226e0791844db37d5cb00453814665f5110699987417163e8fc739573be9d8507d38a7c6d6bb1b46838466d7dcd064c8300dae07c212bdb3c1
-
SSDEEP
768:Af1XICcyTu1zDy181yFO//cTR9RPyVh6/3riBR:01RBl1mA00TJPIh6/3ri/
Score1/10 -
-
-
Target
$_43_/Modules/ManXec.dll
-
Size
97KB
-
MD5
95cf944c390c06a45b7a455ebf340173
-
SHA1
ad2c1b92932a52c04ace29cb921bd06d1ca56e53
-
SHA256
3a6886badafbf4dad3da593097117e252475f3296c85071c53da51ccb7009a38
-
SHA512
9bc85c527741a90f554fe82d4735fdf003e1b0a7ca40404b763627ed1fe0fe489b2c0e603c3cd90a96120ebb242d718835733f1f3988629be4b0c516ac3229d6
-
SSDEEP
3072:XLMhjuktfSPQhoSvwQsVQFMSkx9D4bZ9KIJylsrC6otcTdx1PXQK6aJGTfP9O3ys:7MhjVtq4hoSvwQsVQFMSkx9D4bZ9KIJJ
Score1/10 -
-
-
Target
$_43_/RtHelp.exe
-
Size
387KB
-
MD5
f652ea124a7544256e7eb97d879a4ab5
-
SHA1
0b4d50b0b8afadc8b1921311a11c2f35867f9851
-
SHA256
2149940c37938dd317c2b09d2a16d00535c493a8a8cfbe82d4b0c5ee1637759e
-
SHA512
d3f0a7adf58e816e9d0ea03dd528e472697fe65e64cc9ecc299de9cbf6d3d56915af059e2751219b6e9df3dd73e011314f325b221ea7b17e53ca09a1b3092c94
-
SSDEEP
6144:O12xr5viX/AHL+KcZG7FCfUcTq3ANxE4gq9BrLRf1JyhsaphmhuG9Z3:wCjHKBqFCfUcO3IZH2sOQQG9x
Score1/10 -
-
-
Target
$_43_/msvcp110.dll
-
Size
522KB
-
MD5
3e29914113ec4b968ba5eb1f6d194a0a
-
SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe
-
SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
-
SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43
-
SSDEEP
12288:FqULIc5nb9rywgfyhUgiW6QR7t5sA3Ooc8sHkC2eRxUH:PLHnhryLfBA3Ooc8sHkC2eRxUH
Score3/10 -
-
-
Target
$_43_/msvcr110.dll
-
Size
854KB
-
MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6
-
SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62
-
SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
-
SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6
-
SSDEEP
12288:TmCyHcMpK7QdgD+9Tr8r3FmJciMgLFWkA8qTWu+FVlofpJCjNdr12iqwZeq:TmCyHNIQdTryVmCipIkqTWu+Fr
Score3/10 -
-
-
Target
Games Bot.exe
-
Size
303KB
-
MD5
b86b218ca9f41950379aa204451830ca
-
SHA1
86c90787860122f12aa2b20e3f33bb3c87e267df
-
SHA256
724ff63a671cbb334eb4b0c552bf0a94b295e2aebf33d746a9dd55100052859f
-
SHA512
ada881e1e881f6b9761dd51d5e156feefaddf5ccf137737f735144ed1098930310add5653211d571a624213d1833715007ca8792d0be306ab6be234e3fd82b0f
-
SSDEEP
6144:KySxIlC1Ksx0HQnmz9L98OXLPJZ3tgbJBXw7x9d8:9eui6yO7PL3KNBOi
Score6/10-
Adds Run key to start application
-
-
-
Target
Modules/7z.dll
-
Size
893KB
-
MD5
04ad4b80880b32c94be8d0886482c774
-
SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
-
SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
-
SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
-
SSDEEP
24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score3/10 -
-
-
Target
Modules/CmdProc.dll
-
Size
77KB
-
MD5
d5e8c34916e336059707fb4ce6e2eec1
-
SHA1
dd5a99d82db7e7aff3cc36e0b1786bb88d100dc7
-
SHA256
54c7dc535cf3ae05ea611064a299ae2b1f8585a7b18176bd2a9b5fc6fa29de4b
-
SHA512
7d41c7e01bc6f52ca7208bc1f34ea63d0a2421b9f58a38710e08af9df342eff936982ac5b51a901eca54bc1682b45685bac2a63bb869b83fc88ffb92aa12b7e8
-
SSDEEP
1536:IjnbTlsrG4nAy/VgDBZ34DkqUHr3hwe4iWiPUxhh6/3ribZ:c/OGLy/VgDBZ6kqUHr3hwe4iW4U16S
Score1/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1