General
-
Target
35e10c53232112b1193880e5b3ef36bc_JaffaCakes118
-
Size
25.5MB
-
Sample
240511-wqxamsdd66
-
MD5
35e10c53232112b1193880e5b3ef36bc
-
SHA1
d31c06051210c825c394da2842031b845f94f609
-
SHA256
c37ac379f7614de0382c60dee8470067c15397a0679cff1f6e4b7f6b40f029b6
-
SHA512
864e3dfb840b3ea9ff3c0478d97da3b7e98b587fdc75252d561f009b0e121491855624b7e46de736dba8f1ac02c56cf610d84d614f83407557a4b71538a54319
-
SSDEEP
393216:gg+IWYDv9FYF3+x/h/13Bs+VYVY03ssoV+/Z/Zs+dEJxiTP/bciziKTDxb/rKXIE:H+7F3M/9Njf2tdEmUizB/rKYSoorz
Static task
static1
Behavioral task
behavioral1
Sample
35e10c53232112b1193880e5b3ef36bc_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
35e10c53232112b1193880e5b3ef36bc_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$(LSTR_76).exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$(LSTR_76).exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Dialer.dll
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Dialer.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/ShellLink.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/ShellLink.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/ad.html
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/ad.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/advsplash.dll
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/advsplash.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsJSON.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsJSON.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
$TEMP/NSISPromotionEx.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
$TEMP/NSISPromotionEx.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
$TEMP/NSISTrigger.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$TEMP/NSISTrigger.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
CrashDumpCollector.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
CrashDumpCollector.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
GOMProtect.exe
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
GOMProtect.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
GomVR.dll
Resource
win7-20240419-en
Behavioral task
behavioral32
Sample
GomVR.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
35e10c53232112b1193880e5b3ef36bc_JaffaCakes118
-
Size
25.5MB
-
MD5
35e10c53232112b1193880e5b3ef36bc
-
SHA1
d31c06051210c825c394da2842031b845f94f609
-
SHA256
c37ac379f7614de0382c60dee8470067c15397a0679cff1f6e4b7f6b40f029b6
-
SHA512
864e3dfb840b3ea9ff3c0478d97da3b7e98b587fdc75252d561f009b0e121491855624b7e46de736dba8f1ac02c56cf610d84d614f83407557a4b71538a54319
-
SSDEEP
393216:gg+IWYDv9FYF3+x/h/13Bs+VYVY03ssoV+/Z/Zs+dEJxiTP/bciziKTDxb/rKXIE:H+7F3M/9Njf2tdEmUizB/rKYSoorz
Score 7/10 -
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
-
-
Target
$(LSTR_76).exe
-
Size
12.7MB
-
MD5
2d73627f749ae3deed81002bc9c1219c
-
SHA1
cad7735a7356be93704ad92a1b909c132810090b
-
SHA256
25f9c485d17e1666e959c4d98cd29fc9cf833fe163ab80537a411ce5973938dc
-
SHA512
be174fa33322ebde4405287ac9ed80b376cd5b1654fbe6f6473623922d2fdda264992d5a64b9a9a6faff811611291285bafa101a18a181741b495d9c3f865caa
-
SSDEEP
98304:DjiNb9NQk8//YB9tDDD8888xBKKiiqqqqnnT0bUDcuT3eXHV9LsI47uxCKYtLUG+:DbcYhRok0EHEYqgeXST
Score 5/10 -
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/Dialer.dll
-
Size
3KB
-
MD5
cfe0ac822ed2c3598de87fe3931c92a0
-
SHA1
0c603bdf81abe835621f29acd5ab2a67e670e762
-
SHA256
df2f6d3c9de979dbde3aa3cf0633fc8cd3215cfba5b5fc02f94338ac16cc2cac
-
SHA512
cacbe97b03cd2037fe28ae928b292a1558fc88ac2dc0a27e859efb413529e47f099b429e41202151f4f52fabf33c67911472edbf41132df1a7e6d1f0eac03b3f
Score 3/10 -
-
-
Target
$PLUGINSDIR/INetC.dll
-
Size
25KB
-
MD5
bcf627d0db38c8e772e292b509a625de
-
SHA1
8ee208ff94930571b176ef92dba1c5ef5dd9c415
-
SHA256
6bccf372e490c49a3850e4f326c6a988e08991bbfe6e89b9c35d3efe29d304c4
-
SHA512
234c83b48e2f6e650a955cadcb227345f38392fc05101d21611c576307595a99e2e357be7ab6dc7d6d0a0deef501bc29dbca12907821cae9d9e2c8f17e21f7c1
-
SSDEEP
384:XH7Nzpqwkh7R0EOrHn/ZeQaWbJQ2+r9e9dVpyeWZwcAyHEazjJ:Pi0EOT/5aWbJLSAvVpyd3J
Score 3/10 -
-
-
Target
$PLUGINSDIR/ShellLink.dll
-
Size
4KB
-
MD5
d62d3e349689811f838dd10fb216eba1
-
SHA1
edcafd517860cb6b4bd299e20b17ad74a6fa2a5d
-
SHA256
5d103419245e2a5f124a96cace25d6836b2398edc0aa3919829b0fd6ad8b5d6a
-
SHA512
fc7d5826cb9f85068ea702f007920bf7ae63758d13c48761e83cc9e8ac06b231f40e17a9f3340d60d874ad2cf6e0991eb98a52cf893ab785489e0cdbbf294f88
-
SSDEEP
96:fQW7e3a0JF5jdrORE6C4tb+X+bzYz3Cl6nfkfLGpRO:4687JQCdiaR
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
a4dd044bcd94e9b3370ccf095b31f896
-
SHA1
17c78201323ab2095bc53184aa8267c9187d5173
-
SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
-
SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
-
SSDEEP
192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score 3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
b98f45a83c1d09132e1e4ada1387a6f8
-
SHA1
9f0a343ec5060b269d36fe1045cff14185f15d1b
-
SHA256
23661a4b1f3d6744fcdd1b2379e5e602e6cf6bd5950b2d19b844527b2f626e99
-
SHA512
cb446acd93c4dd79e81b920075a7055140b27d3e83b43ad899736a0d37e709974b27c5340a4b864e3b41714523dd4daee07b506a2c40b36f9b9d05fdd5cc2612
Score 3/10 -
-
-
Target
$PLUGINSDIR/ad.html
-
Size
191B
-
MD5
8464f87975aa647c253e5403534f228f
-
SHA1
0a1d2571a454b76ff43ade320631853650ba448d
-
SHA256
85af9fb1cd755893365f5b0eb6fdb37533084dd8fea0245a12a83a4c1fa69540
-
SHA512
d3a38b949eb81fa35fd7d3b9af65093fc70c53348d7f472bc2bb6a2af3fb9d0a45604965e06c13d365b82838f85d24bfd7bd5ced6832bd3b9572a2adf7845a4d
Score 1/10 -
-
-
Target
$PLUGINSDIR/advsplash.dll
-
Size
6KB
-
MD5
505c7c214c17ac801f5930abc57d38c3
-
SHA1
e9a17ed8182f92bf86babbd7ba8dd8770e8ff47e
-
SHA256
999ebf5ef6bf51828193deaf7697e6d22419e437c65e603bffa0bb2acc7f40c8
-
SHA512
30686f361db9d81c95912700af530529d4d89bf6b514a63ab5db6b20efc443b87aef44b598e45d33adee448ec1b6573ca035a1d20e11c78ea8253f1ecf5ebf38
-
SSDEEP
96:oIUNaXnnXyEIPtXvZhr5RwiULuxDtJy+wolpE:oIx3XyEwXvZh1RwnLUDtU+I
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
0d45588070cf728359055f776af16ec4
-
SHA1
c4375ceb2883dee74632e81addbfa4e8b0c6d84a
-
SHA256
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
-
SHA512
751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415
-
SSDEEP
192:ob8cSzvTyl4tgi8pPjQM0PuAg0YNyhIFtSP:mBSzm+t18pZ0WAg0RhIFg
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsJSON.dll
-
Size
18KB
-
MD5
e89c7cd9336d61bb500ac3e581601878
-
SHA1
45b2563daa00ba1b747615c23c38ef04b95c5674
-
SHA256
431fc2ed27d0b7a1ce80de07989595effcc3ffb1dea1af6c0e178b53f6bd2f1e
-
SHA512
09485a354ac4ace6084cb6fcbd92eee8488074763c8443638f78e655e45e8aa0fe40a45d4ce0dff116ed3a4bb7bc4d7d845a6ccf0e0bf35533ce81626a8db06f
-
SSDEEP
384:u1ju3wCtynlKEJAIl0CU4BNe0i5wsVEABy/7tpnYmdnDQVJlN/BmqIw4n:t3wCtynHJAIl0CU4K7yAB8tpVdDQJNI0
Score 3/10 -
-
-
Target
$TEMP/NSISPromotionEx.dll
-
Size
1.8MB
-
MD5
9e76a9d52f45845280024561eb0583d2
-
SHA1
89a92563bfcb784ce0a17b3ba02e336f59dfb6b8
-
SHA256
c10670e98eda82fe0984a02c88949ac1be96ca466d6d424a77ea5b67118e8d4d
-
SHA512
9dab31a7dd32c01ca6d6ae38f38cfe8aa84a338b3cd4d540e308e246ec09f390a00bfc698a0b739951df66356a74de925b7e2c9be22c0e06ad2dd1b891451715
-
SSDEEP
24576:YnLxB35LZ4nY2BNc3oXrgJnNZdC/eTPakySNerBOS7bCWlti66p:cLxph+hC3JHOeTPakyfkS7bHlti9p
Score 3/10 -
-
-
Target
$TEMP/NSISTrigger.dll
-
Size
97KB
-
MD5
4a8178519a84a5aefd06c9c720360c69
-
SHA1
d3598a9dee27879889b7ba3f3abe218586f11917
-
SHA256
fdd180c2c1006d1538bae0e968d24ae70f7386f30b42e13e9cf45a48d1b0bbc0
-
SHA512
967579323f7286fd3fa4f3c7f259ed9fccb63a8aa6fd2647fb8e2725c4d968b2fe2746a517078866393143d85c352e29a160b04a594f1b950d8918fa530655c8
-
SSDEEP
1536:Yu57R+hRzZNzqwTL7laO4Qim8A1DwLkGqQcNasWjcd+B4Vc:Yu5+BnfL7jpKAGq1+B4
Score 3/10 -
-
-
Target
CrashDumpCollector.dll
-
Size
173KB
-
MD5
68f39c3915feaa3a5251e6be0d471b52
-
SHA1
c902b68cc1eb5b6c62ebe7f80ca8b123ff9820c9
-
SHA256
bd998d4f342d5db04534ae9d9c3497d2dfc701341399998f49857b048e50b83a
-
SHA512
1018e81735ef9cb8084d43d01aebf2ffcf56c88ea1c09f7df1aa56a7c4034d70c8fc407427d28cbb24af62eb4c09a5a7d3e39aa80f0d429a75178ae9d27b579c
-
SSDEEP
3072:IIPHanTmyMY2I28ugIs7O/6rle+qjp9fD5bM/uR+7oHMf085oGeg:7PHkTmyMdVKE/q1mXfDfAfiz
Score 1/10 -
-
-
Target
GOMProtect.exe
-
Size
2.1MB
-
MD5
c5405d47e426f55e5f92ff5d9ab59a92
-
SHA1
5382e17969d82b213c3f429c3c6d584f8292553d
-
SHA256
c71202f64f02ccc126e60fcc6f736da6759d9c64298108d5d044426f498a2a70
-
SHA512
275b544742574f4c21c81b94bce88a1c22c1a0f9cf17e56194ce31a5ed2358d099f2c5b92288c067fe6496ac5eb7520dd06a6fb64dae1bf43caded2acad13fb8
-
SSDEEP
49152:sxYDItNUIhitqrLOeK+aJn9x+Uw7X8ZzZ17KmgCskgk:sxx7UIItqr5zI0w
Score 1/10 -
-
-
Target
GomVR.dll
-
Size
225KB
-
MD5
39b2b639ea38fc5af16729e32c25255f
-
SHA1
041d9e62e4224ab45e1ebe40f12249c7bc138db2
-
SHA256
f0ac5c963159905486fab58fb340ae6694a4154bb06fa088ef055f9d25ce9e2b
-
SHA512
a39054918343cc903ada272c7bd38adad00563feb6a45ead23f157e7db85fc1c9d169fc0596b638be2dd08bd14c43948390e4a3a3b2fcc5bd21a2f582a85e1e6
-
SSDEEP
3072:oWK0YC1ZFbd5vwyRUshkZIZpINQLyKpncLCQ/tSVCXQfkg2RJlTR0u7N:oWK0/dRwyeshkZSpIGe7Rs7fkg2bc
Score 1/10 -