Overview

Tasks and scores (name column as truncated on the page):

Task                      Platform             Score
Overview                  -                    9
Static (static)           -                    3
89c55b3ce9...18.exe       windows7-x64         9
89c55b3ce9...18.exe       windows10-2004-x64   9
bytefence-....3.exe       windows7-x64         4
bytefence-....3.exe       windows10-2004-x64   4
$PLUGINSDI...em.dll       windows7-x64         3
$PLUGINSDI...em.dll       windows10-2004-x64   3
$PLUGINSDI...gs.dll       windows7-x64         3
$PLUGINSDI...gs.dll       windows10-2004-x64   3
$PLUGINSDI...ec.dll       windows7-x64         3
$PLUGINSDI...ec.dll       windows10-2004-x64   3
$PLUGINSDI...dl.dll       windows7-x64         3
$PLUGINSDI...dl.dll       windows10-2004-x64   3
ByteFence.exe             windows7-x64         9
ByteFence.exe             windows10-2004-x64   7
ByteFenceGUI.dll          windows7-x64         1
ByteFenceGUI.dll          windows10-2004-x64   1
ByteFenceScan.exe         windows7-x64         1
ByteFenceScan.exe         windows10-2004-x64   1
ByteFenceService.exe      windows7-x64         1
ByteFenceService.exe      windows10-2004-x64   1
Microsoft....nt.dll       windows7-x64         1
Microsoft....nt.dll       windows10-2004-x64   1
Microsoft....er.dll       windows7-x64         1
Microsoft....er.dll       windows10-2004-x64   1
amd64/Kern...ol.dll       windows10-2004-x64   1
amd64/msdia140.dll        windows7-x64         7
amd64/msdia140.dll        windows10-2004-x64   7
protobuf-net.dll          windows7-x64         1
protobuf-net.dll          windows10-2004-x64   1
rsEngine.dll              windows7-x64         1
rsEngine.dll              windows10-2004-x64   1
rsEngineHelper.exe        windows7-x64         1

General

Target: 89c55b3ce90e0aa737ef7f77326ac316_JaffaCakes118
Size: 13.4MB
Sample: 240601-jf1tvseb8v
MD5: 89c55b3ce90e0aa737ef7f77326ac316
SHA1: 9d4f9b5b7f2548b488cf5ad977731d96d5ec89a4
SHA256: 1102534d7ed22c361f26d196c9170d977ea3b0eb8b4ce5746236e3e2418451a4
SHA512: 2894c813252a73ba494f059c1a25d92abb033f22e6c56ef23b9694fb1ea9f81f8ba141d7d097f93f8463d2fe72288eebc589355bc831fa713a46b08f26c30a3e
SSDEEP: 196608:npe6XKEkziIokPfo+tIcQ9wBgh72SWHr3WpHAVoZ+obe4TIm1GaNWmdPoZfW:npeWp/c4+tIhsg9W3W5koUoLTIm1GQv
Static task: static1

Behavioral tasks (task, sample, resource):

behavioral1    89c55b3ce90e0aa737ef7f77326ac316_JaffaCakes118.exe   win7-20240221-en
behavioral2    89c55b3ce90e0aa737ef7f77326ac316_JaffaCakes118.exe   win10v2004-20240508-en
behavioral3    bytefence-installer-5.4.1.3.exe                      win7-20240221-en
behavioral4    bytefence-installer-5.4.1.3.exe                      win10v2004-20240226-en
behavioral5    $PLUGINSDIR/System.dll                               win7-20240221-en
behavioral6    $PLUGINSDIR/System.dll                               win10v2004-20240508-en
behavioral7    $PLUGINSDIR/nsDialogs.dll                            win7-20240508-en
behavioral8    $PLUGINSDIR/nsDialogs.dll                            win10v2004-20240426-en
behavioral9    $PLUGINSDIR/nsExec.dll                               win7-20231129-en
behavioral10   $PLUGINSDIR/nsExec.dll                               win10v2004-20240508-en
behavioral11   $PLUGINSDIR/nsisdl.dll                               win7-20240221-en
behavioral12   $PLUGINSDIR/nsisdl.dll                               win10v2004-20240508-en
behavioral13   ByteFence.exe                                        win7-20240508-en
behavioral14   ByteFence.exe                                        win10v2004-20240226-en
behavioral15   ByteFenceGUI.dll                                     win7-20240221-en
behavioral16   ByteFenceGUI.dll                                     win10v2004-20240426-en
behavioral17   ByteFenceScan.exe                                    win7-20240221-en
behavioral18   ByteFenceScan.exe                                    win10v2004-20240426-en
behavioral19   ByteFenceService.exe                                 win7-20240221-en
behavioral20   ByteFenceService.exe                                 win10v2004-20240508-en
behavioral21   Microsoft.Diagnostics.Tracing.TraceEvent.dll         win7-20240508-en
behavioral22   Microsoft.Diagnostics.Tracing.TraceEvent.dll         win10v2004-20240508-en
behavioral23   Microsoft.Win32.TaskScheduler.dll                    win7-20240221-en
behavioral24   Microsoft.Win32.TaskScheduler.dll                    win10v2004-20240508-en
behavioral25   amd64/KernelTraceControl.dll                         win10v2004-20240508-en
behavioral26   amd64/msdia140.dll                                   win7-20231129-en
behavioral27   amd64/msdia140.dll                                   win10v2004-20240508-en
behavioral28   protobuf-net.dll                                     win7-20240221-en
behavioral29   protobuf-net.dll                                     win10v2004-20240226-en
behavioral30   rsEngine.dll                                         win7-20240508-en
behavioral31   rsEngine.dll                                         win10v2004-20240426-en
behavioral32   rsEngineHelper.exe                                   win7-20240221-en
Malware Config
Targets

Target: 89c55b3ce90e0aa737ef7f77326ac316_JaffaCakes118
Size: 13.4MB
MD5: 89c55b3ce90e0aa737ef7f77326ac316
SHA1: 9d4f9b5b7f2548b488cf5ad977731d96d5ec89a4
SHA256: 1102534d7ed22c361f26d196c9170d977ea3b0eb8b4ce5746236e3e2418451a4
SHA512: 2894c813252a73ba494f059c1a25d92abb033f22e6c56ef23b9694fb1ea9f81f8ba141d7d097f93f8463d2fe72288eebc589355bc831fa713a46b08f26c30a3e
SSDEEP: 196608:npe6XKEkziIokPfo+tIcQ9wBgh72SWHr3WpHAVoZ+obe4TIm1GaNWmdPoZfW:npeWp/c4+tIhsg9W3W5koUoLTIm1GQv
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: bytefence-installer-5.4.1.3.exe
Size: 13.4MB
MD5: c4951a516fe1b3a8a579e73877a4b1a4
SHA1: 400acb837edec53c746be0ccb2bb9d774fa150e9
SHA256: 61dc83d20af7bfa9458a4ee7b08bc05fc33b09aa5f04bf655f9f607125d1934b
SHA512: a6933dab647728a2ccfaabdcb7561ab804efdf9ba6193d920712d04c842400b6c975bb0c0228a03f2a3b7dce3019397615267e2905cda73441abc6ef1978faeb
SSDEEP: 196608:0e6XKEkziIokPfo+tIcQ9wBgh72SWHr3WpHAVoZ+obe4TIm1GaNWmdPoZfWA:0eWp/c4+tIhsg9W3W5koUoLTIm1GQvA
Score: 4/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: b0c77267f13b2f87c084fd86ef51ccfc
SHA1: f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
SHA256: a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
SHA512: f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
SSDEEP: 192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: eac1c3707970fe7c71b2d760c34763fa
SHA1: f275e659ad7798994361f6ccb1481050aba30ff8
SHA256: 062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
SHA512: 3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09
SSDEEP: 96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Score: 3/10

Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 1f49d8af9be9e915d54b2441c4a79adf
SHA1: 1ee4f809c693e31f34bc6d8153664a6dc2c3e499
SHA256: b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782
SHA512: c60827e322e3168a79795ffd4beb0b0039842128255100d6b005d261402d2ff570f3866f441f3d3c063097c71d44bc5ae80d177fa91ef4e46fc8c2d97de27aa4
SSDEEP: 96:67GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNo3e:kXhHR0aTQN4gRHdMqJVgNv
Score: 3/10

Target: $PLUGINSDIR/nsisdl.dll
Size: 14KB
MD5: a95c7af96416b2cd084fed4c07c8c291
SHA1: 0c62c2fd843ccb59784404ed36369784dc557671
SHA256: a1e09fb1739ef7557d18104b0d6a4c7725e1ec293f5404c80402f57ff9ebb9d0
SHA512: 427ef14b116b574c5558cc6bb0ce03ab37f891f2d7ab0f130e3cddd0265e6bd269c598ce93230e56cd41bb9d2649bbbaa2fa2c654d8116c0c6f79a6f3419d1dc
SSDEEP: 384:9ck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2NE:9ck76gibLCMLDLCx04HNVNE
Score: 3/10

Target: ByteFence.exe
Size: 3.6MB
MD5: ae114355b714bc831f641ffc1fd5d96b
SHA1: 52885c21ee681f3b0dbb7d13191fbbb141fdf906
SHA256: 517516b4fe19c58397a703bed0884cd439a6ad7ddadfd3de2b9d40d035659448
SHA512: 7db682dc63cae4ca91085f34788af53bc2cfd350af476749a4045ff2d751d810d5a8a140b28800ef284aed17cf87c5173f8bc107c73fe75555506fad66358dfe
SSDEEP: 49152:JG5ZVMGSL38t62Ei9Ts+Mq83+4w3aOX5xHm4Tcua9cGwYkf1VKHUKqHLmzdZXGwM:MMoTs/dw3TdTcua9pk9LLmfWl3KvS
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: ByteFenceGUI.dll
Size: 834KB
MD5: 637e8fcc69c33392335ffeaaca446a1b
SHA1: 91a56d770a3731310c412cd0c9cea9439594f593
SHA256: 496378bea9a3d62401744cd3941eda5177dc54733cd45735acf0c373372b5c5e
SHA512: ffd8deba9afea17cf93219774e5d576b4bb39c4db710caa9634e5821cbb40e000f446017bf116bbdd475243dc397d4f038bff8f236e1ad9c002604249761fa08
SSDEEP: 6144://DsH/j0S/6HYv5nAYwtQ5eF7yH4kwMQDtyeTTGvsOYu3uhaS2dK6mDFnsZdVPSj:XDsfjR/6HYBYD/0/tCDFsEuIt
Score: 1/10

Target: ByteFenceScan.exe
Size: 802KB
MD5: 0243c4daedbf30e3235e0ffe0424901f
SHA1: a0cb6caf5cce9afd09d0e253c899990a96d6f0cb
SHA256: 26b66f533d698550985569f7e2b663238d0629ab87be94054c07be201b689b8d
SHA512: ab4708f86fda031c1d7261bb6177dce74e03b213f39802fe77df2bca90a3388801f4bcc8eb21ee516d3e38e80c0727bd2c7d956584ae91d46ebb867aa3cb8bf7
SSDEEP: 12288:tyA83gBCl+54Q+OeO+OeNhBBhhBBFBEGxHmfCvFDGOUUY2a1f4/fS/TecKbFVcd9:tKQ+PfGfCtDxY2bmaHMigXu6rnXSK
Score: 1/10

Target: ByteFenceService.exe
Size: 152KB
MD5: ac384df8fbe8a76815fab3a2659f4bc4
SHA1: c3cf899ade1ec94e7d8a7a4dc64950de99096b4f
SHA256: 0e262b5c4390c353bf98298631877913f6940e9c5042c0979060fca6c964fc17
SHA512: a27ba4f9d167ba81a053067de6e27d1a81646c640e5246f0036c8758f123209206f187fb8b3a073bf3f31717b80cafc3d78add7fc4e33204b87460e14fad4d90
SSDEEP: 3072:1VCk5BvWxvjdrJmAoIQelRqoTol8gJTrYobUXJNX/1D3YcpEmxUgAPe:1X5BulYIQsxToGqTrjuAcprxmPe
Score: 1/10

Target: Microsoft.Diagnostics.Tracing.TraceEvent.dll
Size: 985KB
MD5: d09b4a4509907f75f506b996a5ff7554
SHA1: bdb299cf617da297cbcfea321879f669e465069a
SHA256: 6f8a2f1d045efb952c1ea9988bb5dcc72555eccafe9b32c2c51b439ea1f28453
SHA512: ea29579f19aa55429e7254a7a6953f127a7520c43ad1e15dad7e4b25d17a167218997fe98d3096606164284616963c81a53f10eeaada7163472a6102e66de478
SSDEEP: 12288:Y+TaIGsAE3CBF4vgwWNjVYUQjwciLzR3Sx+1FfNJyPnKrA:ZT2VESLEUQjXiLXNJy/
Score: 1/10

Target: Microsoft.Win32.TaskScheduler.dll
Size: 303KB
MD5: 1802e6df96046cfee62c63c4c8469a3e
SHA1: c5d6444fcd8f46e1832c99614f5e71adff582f6d
SHA256: cc6c472f666239ed270cc3754852f536b8981d6fd22e4ad1ee15a1aa788a3ba9
SHA512: 339f5b917c4afbc25175bd173cebefdd8f4671e157ecfb8a9c21b78db9d34fd9757787c231575e8849509cac59162c6c67fb32af6febd6903ec285e21c0fd304
SSDEEP: 6144:pSNrAMLv8oXq9/7hbTD9S9XFiU5xsM2N0b9tCud+FrXSaG5rcfFr79E:CH8oXq9Dhb49ViU5xsTQd+FrXSJ5eFrZ
Score: 1/10

Target: amd64/KernelTraceControl.dll
Size: 217KB
MD5: 23ff4b3eadf12465e19f39b0c19c4361
SHA1: ce0f61dfc428532dc645d2aaed9153d79dbd27d5
SHA256: 2005f94acc7c541771066ed98aff6321b911d10c59d2544b853446dbe91f25a5
SHA512: cc618b926c22cabeb2156fe9d82dfa0a181e9bb03e9f1d823f68f656a72fa56fecb92fafbe84ec3712805ec0bd5a903fde6ea33cd05dfc57027800bc516c7538
SSDEEP: 3072:nX5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPr8AjT//PqLVFUYYBHoC:nXX20y7HNz14RU0J1ALqDUBHoC
Score: 1/10

Target: amd64/msdia140.dll
Size: 1.3MB
MD5: c241e5b86b651da6e2b8fd9b07660635
SHA1: bc7317c284770245116b4a77c6d454970625fd19
SHA256: 25a17a77163d1f18d780b06546dbe53c49d184c08cae60598b81cce655c53e34
SHA512: 1b8e06fc562413b110f2ed8ee752f704948a77c4f4b8d855d1f14a91f9d3cbaaeead625b11d82d655613e89b7345c3299ddadc0fa9bcdad400068916587894be
SSDEEP: 12288:Ppo5lxPC6r9vjOqfmX/yyOZWS6ggBwCX0dX007AedX0oHQUcV8gv2MQo0pzx:xo5lxdoz/yl4rEdE0cedrQPV8gut7x
Score: 7/10
- Registers COM server for autorun

Target: protobuf-net.dll
Size: 205KB
MD5: 769d127c68a3610c54927317035ab647
SHA1: f1c3cd0eecbde4e506ec17fe3e63062d704978c6
SHA256: b6cad8c254404466afc57402bf9c69f92dcce2f76cdba19784cc1057e85e000f
SHA512: 23350def1e9c76f6d7d797674f07157ef3e6a1808bf19023737f5919ef6cced8ea071625dfcc34c0ad7b1a3e6605da71e6559e88ac6397f79e77b2a4293159c6
SSDEEP: 3072:fDS6s11CNtSu01ck48ChK8CShUlNIUAQwXaQ5edod9hoiexKcMva3rdY07c8cC:mzWMGN8CckUnAt5edod9hoisKbvydvwC
Score: 1/10

Target: rsEngine.dll
Size: 5.1MB
MD5: 38bfe41fef177604494f49ee8023b887
SHA1: fca37c9a1f3b9eaa68b489b091020cff0f672e6b
SHA256: 65555310943571e3d7cdb37c8a5cfa6e332400397d4d1dcbe4033370a5db81f6
SHA512: f0b3dd5b27893ccfce43a033cd89ae190bf9d016711e85cea2d3ecf8478db365d47a7f8b86c08bb0941ebff3522f0b6b093c9e5c9527c2737da7ded2614401c2
SSDEEP: 98304:njye+FAgokGVEfisnwbqgmHsCaJLVCxCB5aJ6sxTuWBgWWiJZUKPhoa:n0F+8iswrmHsCxO4JLu83J6KJ
Score: 1/10

Target: rsEngineHelper.exe
Size: 163KB
MD5: 0fabe08ae38aa4ef76fca861a80763d9
SHA1: a3e6a9fe9b6e5ca39ecb027a1a8df7668bca8c3f
SHA256: bd5d56e915446df38fb45e0f1e7a42870e0797c9321e790c237a02558cf60d61
SHA512: 7cfb14321e63c9a5b0aaf548eb12d745d7aa983b4b8d80704f03927c61b9a1c36f493c4dfe346a8a59bfc87712b80a6a1bb31a5b3055dc6a0f7eda4f4cef3eba
SSDEEP: 3072:pYUIWLFtsoAqhSvgscHrHog7EOGGg9cJvl:uUIWLTstvgsc7t7EkBl
Score: 1/10

MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  Virtualization/Sandbox Evasion (3)