Overview

Task scores

Score  Sample                 Platform
7      Static                 -
3      41e52017f4...18.exe    windows7-x64
7      41e52017f4...18.exe    windows10-2004-x64
7      $PLUGINSDI...em.dll    windows7-x64
3      $PLUGINSDI...em.dll    windows10-2004-x64
3      $TEMP/upholder.dll     windows7-x64
1      $TEMP/upholder.dll     windows10-2004-x64
3      uninstall.exe          windows7-x64
7      uninstall.exe          windows10-2004-x64
General

Target: 41e52017f48ae7c7dee7a4cf08b71352_JaffaCakes118
Size: 113KB
Sample: 240514-r8wdvabh33
MD5: 41e52017f48ae7c7dee7a4cf08b71352
SHA1: bfef133c259c4b660a9d0966a0d77707ba5b18d5
SHA256: 30e07e1ffb8283f4c30c9bd643e759cf8246bee8e3bfa4de8ea30beac532a68d
SHA512: 2f28054d6c4f91150f5d63659014c84981cf409e7135303697fb83c25c509078dd4b1c6adb835ef7fe4b91d95069e9300ba4877390ceaeb15e7827e5e3e47ccc
SSDEEP: 3072:EwJ52Y7ZoH5XJaGWee+VzFnwast+j8g7lckSl:EwHysdV+VzJJ+kSl
Static task: static1

Behavioral tasks

Task         Sample                                              Resource
behavioral1  41e52017f48ae7c7dee7a4cf08b71352_JaffaCakes118.exe  win7-20240215-en
behavioral2  41e52017f48ae7c7dee7a4cf08b71352_JaffaCakes118.exe  win10v2004-20240508-en
behavioral3  $PLUGINSDIR/System.dll                              win7-20240508-en
behavioral4  $PLUGINSDIR/System.dll                              win10v2004-20240426-en
behavioral5  $TEMP/upholder.dll                                  win7-20240221-en
behavioral6  $TEMP/upholder.dll                                  win10v2004-20240426-en
behavioral7  uninstall.exe                                       win7-20240221-en
behavioral8  uninstall.exe                                       win10v2004-20240426-en
Malware Config

Targets

Target: 41e52017f48ae7c7dee7a4cf08b71352_JaffaCakes118
Size: 113KB
MD5: 41e52017f48ae7c7dee7a4cf08b71352
SHA1: bfef133c259c4b660a9d0966a0d77707ba5b18d5
SHA256: 30e07e1ffb8283f4c30c9bd643e759cf8246bee8e3bfa4de8ea30beac532a68d
SHA512: 2f28054d6c4f91150f5d63659014c84981cf409e7135303697fb83c25c509078dd4b1c6adb835ef7fe4b91d95069e9300ba4877390ceaeb15e7827e5e3e47ccc
SSDEEP: 3072:EwJ52Y7ZoH5XJaGWee+VzFnwast+j8g7lckSl:EwHysdV+VzJJ+kSl
Score: 7/10
Signatures:
- Loads dropped DLL
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: a436db0c473a087eb61ff5c53c34ba27
SHA1: 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256: 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512: 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
SSDEEP: 192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score: 3/10
Target: $TEMP/upholder.dll
Size: 52KB
MD5: de0f2c4a5b7c7974f19f48b08b3d55d7
SHA1: fb4eea0fa23f0dffa17a141dd9a66e919a79d6c4
SHA256: ae257e13507e2980446867e3b5cfb9a5c57c2d09c24079d59667938e82c204b7
SHA512: 812ad695df0188565f31e3db646ac7a41db41320bc3b03ea504dba8f027018661cc9fd47a38833df28e3db1bcfa45cf2b244c9231bf6bca6f01ddd81ff578c6e
SSDEEP: 384:dNGrfGDudTR3VFKmlkYtlosjEfXyyoSwWa3C9svaAU+k9SVItAEVN8aUYwZS7PrX:mrD9RHHbMyuwdC9s7U+kJAEVN8azX
Score: 3/10
Target: uninstall.exe
Size: 33KB
MD5: 889515c301e7bfdd6fac809dd3439183
SHA1: bb0902cfc9798a7d1c8e0f3288c8bec0d60bb1fe
SHA256: fb3f23fade8d4c62a85a5d5cb95db292ea1c3a93ecf331ac9da58104a7dde2aa
SHA512: d9dde3b5b69c2c7e1308126c3375aa484943eb3614c04cfc1d2df41a63194e85e62f9391ef72b405c8078e8bb5d220c0f77e5d37c4a08360d321b67af3559f30
SSDEEP: 768:dWwSOHQVoQM8ios/aASUsWRs25iUk68v1fT3XJPdE2JRnUWop:EwJOoN1oYaoZ5iV685XJPCTWop
Score: 7/10
Signatures:
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL