General
-
Target
5ba72e4791f577c14f9c6b23c4d95211_JaffaCakes118
-
Size
13.4MB
-
Sample
240519-1n6thsbg3x
-
MD5
5ba72e4791f577c14f9c6b23c4d95211
-
SHA1
74f21fed0ad24e066c9f0c22a7ccd1b088ce310e
-
SHA256
6d7eea7ff9ae3211f559d7d39fe9a8349078ef289b66e6c582c68708b7c60fea
-
SHA512
59e38f7683571edc791431327da44d76adf11e7beaa5fe070e1ce144b06fe195cd6867fe4e5c9a5860c0500784feff3675e989b47cadef4aee6f887ea4bdd9cd
-
SSDEEP
393216:hDa5brFmW+lwJTcBqR+5k0T+fTIDfCV6X5IEiOoz:hWDmW+OJcqw1+bYS652
Behavioral task
behavioral1
Sample
5ba72e4791f577c14f9c6b23c4d95211_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5ba72e4791f577c14f9c6b23c4d95211_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NsProcess.dll
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NsProcess.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/uisetup_usertool.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/uisetup_usertool.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/InstWiz3.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/InstWiz3.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/checkdriver.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/checkdriver.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/e5Setup.dll
Resource
win7-20240220-en
Behavioral task
behavioral20
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/e5Setup.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/language.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/language.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/i386/elite5.sys
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/i386/elite5.sys
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/x64/elite5.sys
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/x64/elite5.sys
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/i386/elite5.sys
Resource
win7-20240419-en
Behavioral task
behavioral28
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/i386/elite5.sys
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/x64/elite5.sys
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/x64/elite5.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh64/DIFxAPI.dll
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh64/DIFxAPI.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
5ba72e4791f577c14f9c6b23c4d95211_JaffaCakes118
-
Size
13.4MB
-
MD5
5ba72e4791f577c14f9c6b23c4d95211
-
SHA1
74f21fed0ad24e066c9f0c22a7ccd1b088ce310e
-
SHA256
6d7eea7ff9ae3211f559d7d39fe9a8349078ef289b66e6c582c68708b7c60fea
-
SHA512
59e38f7683571edc791431327da44d76adf11e7beaa5fe070e1ce144b06fe195cd6867fe4e5c9a5860c0500784feff3675e989b47cadef4aee6f887ea4bdd9cd
-
SSDEEP
393216:hDa5brFmW+lwJTcBqR+5k0T+fTIDfCV6X5IEiOoz:hWDmW+OJcqw1+bYS652
Score: 7/10
Loads dropped DLL — the only behavioral signature listed for the parent sample. The $PLUGINSDIR layout with System.dll, nsExec.dll, ExecDos.dll, NsProcess.dll and AccessControl.dll is consistent with an NSIS installer, for which loading its own extracted plugin DLLs is expected behavior, so this signature alone says little. What the score does not capture is that the sample also extracts four apparent kernel-mode driver builds (elite5.sys under obj/winlh and obj/winxp&2k, i386 and x64) plus a DIFxAPI.dll driver-installation helper under $TEMP/DriversTmp; those components (code-signing status, known-driver lookup) are the ones worth reviewing before treating this as a benign installer.
-
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
15KB
-
MD5
f894e7068ee5f5b4489d7acdde7112c9
-
SHA1
79ec857791ad4ac76673b05e6fc44e55315424ef
-
SHA256
3948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab
-
SHA512
e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816
-
SSDEEP
192:VUmFdGZ2ESi0SGlIO1yn3B+boYt0/SNFdTmUJJimGf/5b2xlUqyWWKCi1wlLjck2:FdGZ2ESnTqkddTm43saIvy
Score: 3/10
-
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
8KB
-
MD5
ee62139498508ff99a7b0df809c39293
-
SHA1
cc51f04091d9352940f570a62a7b410272e54b46
-
SHA256
861eab3ec82e0e0c2fa6cb2cd0dee207fa12221f6fa9eaa28cf734fabe0f1cc7
-
SHA512
86538afdb0591fe7605796deaa9c8e4dc75823130bcb58b764c742996cc16405128a06317fa146a0e32dd35dc31adc72d67b8b92d3ad00fc4aab4f568926da2c
-
SSDEEP
192:z225z97dfP7hDheWtUTOjHlcx+CyyhWPar:zL9B7PeWtUijHmxJh
Score: 3/10
-
-
Target
$PLUGINSDIR/NsProcess.dll
-
Size
59KB
-
MD5
4b2e670d034f0004aac0cb3136c8b7bb
-
SHA1
42e6fda34cab0aafabe4a5acd30d9923889f5b31
-
SHA256
0f4841a1ebcd17317b9951e41b95c97e490233844cabf07ac9e3f122a6db9d38
-
SHA512
08c5225f0a0deb41e272ad60e71b9642b65e7a5d08228267a524bfd52ecbc61f6576fcb63f87add64cff5e3860b4ddf3c88fc0c1a31a0bb70c29021187966d55
-
SSDEEP
768:1Ao7xOjNVxCkjUZvgbhft3+A2sgCpn5fOtK/K78FWjcTNKuBHtQj2fsWjcdUYYK0:WoqXxe+lJ3cE2cX8SfsWjcd0xJb
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
06faa022b430d6a5d60c6448f23191a0
-
SHA1
7a5117c09d4ca7d9e26bea4c94090a91395149b5
-
SHA256
6da3dd28ec4fcedfa95b61a30aec4fa4d23d38419387c98539758584e2f0d246
-
SHA512
ba2ed37b0286de0d8f5fcab9732b0ed7faaf7519876d65ae488cc7cb1b68ae2e23b1fea2667b7570a66c69d8d74abb63b8a751a5764e8f6d8e93a2a9f6b8d074
-
SSDEEP
192:6N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Ux:ZJoiO8V2upW7vQjS/
Score: 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
0a1d16ec8a9da11aa9535eea586a8e4e
-
SHA1
8cd046bb88adcc886c9d491d18315b4fb40f372b
-
SHA256
9c96726adb6b657f72569277f65926b43fd1ffc52cfc4ee53292e5539cbd347f
-
SHA512
c419838b5dab25615f188694d4ea33032fae25a67b1e90b31e554abd05a599fec7d8b2e63ba573d468cc6cae4d566c53ef84ab824eae9745f1ea4183c1756e11
-
SSDEEP
96:M/ispqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LX39sQvM:M/gUG7lhvov36S5FcUjliSEI5LmQ
Score: 3/10
-
-
Target
$PLUGINSDIR/uisetup_usertool.dll
-
Size
1.7MB
-
MD5
7e4a6196e7ae4a3a179bbb37a442e1b4
-
SHA1
b4044346f5693a4f56ee211b06aeb4803b55ec02
-
SHA256
ff29ffb2d890be2b5c24be8af293322327664de7dcf573877257e797b423c333
-
SHA512
9172e5a637acb45d28c798c79955d641e8ca22ad5c7601d858bd7c11d95e648f2acb7360188189cd53dafa08a7acbc71a50ec1151093e7eb6e5f2a432f076cf1
-
SSDEEP
24576:CQDOi82PnBLZN9kTXFYoWX9MklhnK62jHggnC9TcRXSZtU70/onL:TDOi82PnKXOomOQn8C9T9SFnL
Score: 3/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/InstWiz3.exe
-
Size
783KB
-
MD5
9716c6ee53c5efae3fb2a6e5afac20bb
-
SHA1
eb4a7c16a0c74aa0bde3fbf850ea19f74cc8d843
-
SHA256
a950807ce0da62ddb0b8bd70e33fd00d5b84bfdbec81422a6f9e53fa267383fc
-
SHA512
2ab787c6d1a92c8d32a7da9f4564873e9ffad2b90aac18873161db6e3358c17f68a324694a79e769c85f486500b903e8e2530582ed2cb7fd89806949bdc20799
-
SSDEEP
12288:1SIWBPfeaMf3Zx32BSUU+U+Ab0kDpvdmNLD6M7wcxWWgMd:o5fefx32o+7opvdmNLD6M7wcxxgMd
Score: 1/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/checkdriver.dll
-
Size
8KB
-
MD5
422b8776262489a89a2fcea7bb4f86e7
-
SHA1
fa4f5c35ade7ba06e8ff9ab13c4ae5c8343982b0
-
SHA256
3e608fa66586dd2849f169d0e82e13a7bf7f39c68b06f04eda29ea3b769f9b99
-
SHA512
25c73d8d08aa7699f7bd3ac30a20d73e1424eab229705347a58f8958040ddc356dc8d17c2c66d4b33b999deda49fb4e016c62c94fada649894516ea52d557b22
-
SSDEEP
96:gcj6Rnd/2ZozxE7EeJMM3BfYajeOqlP4zz2u3jU3NZH61Vk+fxqd2wR:gcWRnR2ZEgMGd7aOq14zCH6z5c2wR
Score: 4/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/e5Setup.dll
-
Size
173KB
-
MD5
d96464c57fc90f517a77306ffcbaea5e
-
SHA1
ae545eaf151ba604747223c74e271bde432c26d8
-
SHA256
b2382dabde8e64941a59883d5ed112c277e426a0937d11ed249927d3ae42e75e
-
SHA512
4856b91fc85fdcad9db3b7a02099ba65f97a57a319a53e8c354cf06280428b25478b6c6f05e100fcf75dad419d9d9ff4d36c6c3c07708c5ecea0f2ce942aeae5
-
SSDEEP
3072:yAu6oKbXw59dSaOyDvrJiwLwo856M+ooooooooXRFKf:y+o6Y9dSaOyiH+ooooooooC
Score: 4/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/language.dll
-
Size
56KB
-
MD5
e49b016a5b2620f4fb5113b1942546a9
-
SHA1
8febf00c0f773fd7dfa708af78eefcae69c6cdad
-
SHA256
9eea97413c58df1bebd2639990fda9235f6d4fdac108be0f0208115130e1a259
-
SHA512
b49952cbc9d7348acf6348c735e9af26247739e41dcc2ef43cb2e144f5dc16907760fa6712b36b089210bcdb51d8aaeb8a3b76309f65c8f707a47b3388c3faa3
-
SSDEEP
768:n/MKPffDs+TiCAwlQ0oGTaatgrk14LTMR07/lu7MZ7XQgO9/:nbfw+wwlQbatRR07Aw7XDO9/
Score: 1/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/i386/elite5.sys
-
Size
24KB
-
MD5
8396b9979c6d3789e04aefd4f864fe53
-
SHA1
0877b491c100b92d91d50b2afc5a775434608130
-
SHA256
5dcdbc48dfcf74ee5aa0ca3afe78f5e4a6e070b94a190b3237a0e444931e925c
-
SHA512
3bdc99122b62f5e8575eac2efdf004ec39cbb15e31f4655eff7bc80f884c381610a110d32348f6931857bd4ad3315763dd2da61ef36e66cfb0a3b38533e8ce7e
-
SSDEEP
384:AnYFWo8yknuV8E4culoa2PDaIA5DMuEBl56MX9fMqRJOnYPL2iQqAJddxqjiqLH:PqRnuooTDaIAuXZ38J5qOPxqjiqL
Score: 1/10 — a .sys file submitted as a standalone behavioral task is unlikely to be exercised as a driver by the sandbox, so this low score should not be read as a clean verdict; evaluate the driver through its signature status and the parent installer's behavior instead.
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winlh/x64/elite5.sys
-
Size
30KB
-
MD5
c600c0f5a293a77abf3b2c4372efc98c
-
SHA1
d26fa1fd799712a6dbd4e86beb3d6e1bab9afd08
-
SHA256
65c0fd32231cc6cbb537bac2126cb1ab9cb143e27f5cafba98a52e59910a08b0
-
SHA512
df4719bec0092b06921526d0511c36786b3ddf1105c584fa0c3b1c31066f4d046bf988b32ff72f7130bd210edabafa820ef1a4e2acc1b8cb33d9f0ee45b7633f
-
SSDEEP
768:WKDpkuqu6IPpBkNyCMjjbxIj/AMakH+KJ5qOPxqjrc:lDOuq9Cpochgl+dbjrc
Score: 1/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/i386/elite5.sys
-
Size
24KB
-
MD5
0d2ffb84ab5d145d6e2cace598219b9e
-
SHA1
3e739983bc7a39583a268a57922e68e9d141091d
-
SHA256
90006b80d1de830fe417baa536d55fcb6146b4f9558b0a781aaad36a822a0479
-
SHA512
540de87cda7d6ba01e951d4eae60c5aeecd487ccc9c5459c0e48e299859a0d92ffd1b5b81e1743471df8dd58e11f10297bc62e1640db01d2f681de05022df170
-
SSDEEP
768:mfCLBAKNjO7N9ktG6NjsHfXOJ5qOPxqj4:mfCLB7NjO7N9eG6kXxbj4
Score: 1/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/obj/winxp&2k/x64/elite5.sys
-
Size
30KB
-
MD5
b86535db7bf066a2dbe34eccbf1ad7ab
-
SHA1
33164be47982b5cbed90a73e0b5604722f27210a
-
SHA256
95e0c590c7ab0e776ec2ee52d7cf127d974fb5ab41c6668eb4f56a78cf0ee83a
-
SHA512
b7d0e4753edd53ed2742e90a7bb55d870fd7766c54cb34f08627a0ae5fffccacb10cabd26fd6a76434b448faa408fef012d6af6b7f046bd8d779eff0954fcaeb
-
SSDEEP
768:BpQ2Lc4zk0olnUfftB31dfz1fII3g5bxYMDpfV7J5qOPxqjWDl:rQ2rzkJlUTXbVgffIbjWDl
Score: 1/10
-
-
Target
$TEMP/DriversTmp/gld_bugfix_20170712/user/Drivers/winlh64/DIFxAPI.dll
-
Size
506KB
-
MD5
1a2e5109c2bb5c68d499e17b83acb73a
-
SHA1
efa15cfa23606dfc355d11580b509e768a50ddbb
-
SHA256
e70bbcee0d01658ccd201ebe0f0e547b9daff01b7c593a0fdd0c64e5f45d6f11
-
SHA512
47317d24d02c4122fe175bcd7f5b3dd8823063e7ea63f83961e40f10872642d2d6f6e6abaf5fb7630cf0e9d8cec0d112889600b14ecb8698b81597f52d54815b
-
SSDEEP
6144:1uS8iJgEjHlmbGQGt20CZPbPBtqd0xYP2MJL:1u8JgfGQrIPfZ
Score: 1/10