Overview
overview
9Static
static
77c370cb3eb...18.exe
windows7-x64
97c370cb3eb...18.exe
windows10-2004-x64
9$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/ask.exe
windows7-x64
8$PLUGINSDIR/ask.exe
windows10-2004-x64
8$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDIR/ping.js
windows7-x64
3$PLUGINSDIR/ping.js
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
7$PLUGINSDI...ll.dll
windows10-2004-x64
7$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
3$PLUGINSDI...s2.dll
windows7-x64
3$PLUGINSDI...s2.dll
windows10-2004-x64
3$PLUGINSDIR/ping.js
windows7-x64
3$PLUGINSDIR/ping.js
windows10-2004-x64
3$PROGRAMFI...er.dll
windows7-x64
3$PROGRAMFI...er.dll
windows10-2004-x64
1$PROGRAMFI...64.dll
windows7-x64
1$PROGRAMFI...64.dll
windows10-2004-x64
1$PROGRAMFI...ce.exe
windows7-x64
1$PROGRAMFI...ce.exe
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
28/05/2024, 07:44
Behavioral task
behavioral1
Sample
7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ask.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ask.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/ping.js
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/ping.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/md5dll.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/md5dll.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsProcess2.dll
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsProcess2.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/ping.js
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/ping.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PROGRAMFILES/Bench/BService/1.1/bhelper.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
$PROGRAMFILES/Bench/BService/1.1/bhelper.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
$PROGRAMFILES/Bench/BService/1.1/bhelper64.dll
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
$PROGRAMFILES/Bench/BService/1.1/bhelper64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
$PROGRAMFILES/Bench/BService/1.1/bservice.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
$PROGRAMFILES/Bench/BService/1.1/bservice.exe
Resource
win10v2004-20240426-en
General
-
Target
$PLUGINSDIR/ask.exe
-
Size
174KB
-
MD5
fac0274b791a442b44a6bdb052afa88d
-
SHA1
7b36694b1c61a820e54d04df6e28e83b54b32de8
-
SHA256
b03adb8851703fad0dfc74f21e537c8834f1305cfd0cfe765b107407794a0b5f
-
SHA512
9e7f75d8332d0d580bbb554de7e05dc1bf0d16eec881571dd17c21e0871b2cd5f7cf6f90ef888fcb481951a0aab387174d563c7e2b993850b7b890a5760c0ba9
-
SSDEEP
3072:4X7DItrfaocyTgfsqQOlJI0glTLiyIwmTWzec6E83No7G+97gIWpq:4saocyLCAlXiyTmTW58Nepcjpq
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
flow pid Process 4 2204 cscript.exe 6 2752 cscript.exe -
Loads dropped DLL 4 IoCs
pid Process 2380 ask.exe 2380 ask.exe 2380 ask.exe 2380 ask.exe -
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 2380 wrote to memory of 2204 2380 ask.exe 28 PID 2380 wrote to memory of 2204 2380 ask.exe 28 PID 2380 wrote to memory of 2204 2380 ask.exe 28 PID 2380 wrote to memory of 2204 2380 ask.exe 28 PID 2380 wrote to memory of 2752 2380 ask.exe 30 PID 2380 wrote to memory of 2752 2380 ask.exe 30 PID 2380 wrote to memory of 2752 2380 ask.exe 30 PID 2380 wrote to memory of 2752 2380 ask.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ask.exe"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ask.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\SysWOW64\cscript.execscript.exe //Nologo "ping.js" "http://cdnstats-a.akamaihd.net/s.gif?t=prxask&ptsk=s&v=1.1.20140801&appid=35852&pid=0&zone=0" "" ""2⤵
- Blocklisted process makes network request
PID:2204
-
-
C:\Windows\SysWOW64\cscript.execscript.exe //Nologo "ping.js" "http://cdnstats-a.akamaihd.net/s.gif?t=prxask&ptsk=a&v=1.1.20140801&appid=35852&pid=0&zone=0" "" ""2⤵
- Blocklisted process makes network request
PID:2752
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
497B
MD517f3d5334f9123558915c180f73ebbbe
SHA1423a865524b2d5981deee06197430ccb47444506
SHA25634d45cff2d0b7d11472fde24e899bcd277e396b29e7ac6ca88662889f4433057
SHA512240dfeae556717448d8882373b46839802938242dab18c4d819337d0f9769411afffba0986430508209c6c411d9cfa9b7384c435bc4b3b0e03decd10edd09776
-
Filesize
23KB
MD5125aebb055446fb52aa5956cf99e8a9a
SHA16b58fd08a8ff2763219cc6b0dcdb875f9970f850
SHA2562e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3
SHA5125f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7
-
Filesize
11KB
MD5790d227d847f7571c8d58a79057a469e
SHA175c347b1441383c61166b615dfd6e7e65b04629f
SHA25637e99ab9db0045870e31db147438cf0c69b6fcdec4f3737a9743c447cbc0c3c0
SHA5125821605bfb3e57ddfcc1a74829968814aae92b13cb713ef3628913d9112d493117e8aa9cc437770facdcd2d4bd1e53a271d491e6b4d3e4cff53bd027f4b07f4c
-
Filesize
8KB
MD5249ae678f0dac4c625c6de6aca53823a
SHA16ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201
SHA2567298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce
SHA51266e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7