Overview
overview
10Static
static
1091b9cc02b2...18.exe
windows7-x64
791b9cc02b2...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
3PBWS32.dll
windows7-x64
1PBWS32.dll
windows10-2004-x64
3baro.exe
windows7-x64
1baro.exe
windows10-2004-x64
1dll/FreeImage.dll
windows7-x64
3dll/FreeImage.dll
windows10-2004-x64
3dll/Interop.WIA.dll
windows7-x64
1dll/Interop.WIA.dll
windows10-2004-x64
1dll/Markup...er.dll
windows7-x64
1dll/Markup...er.dll
windows10-2004-x64
1dll/PdfSharp.dll
windows7-x64
1dll/PdfSharp.dll
windows10-2004-x64
1dll/RegAsm.exe
windows7-x64
1dll/RegAsm.exe
windows10-2004-x64
1dll/SDD_TW...ER.dll
windows7-x64
1dll/SDD_TW...ER.dll
windows10-2004-x64
1dll/Saraff.Twain.dll
windows7-x64
1dll/Saraff.Twain.dll
windows10-2004-x64
1dll/System...ng.dll
windows7-x64
1dll/System...ng.dll
windows10-2004-x64
1dll/UzakYardim.exe
windows7-x64
10dll/UzakYardim.exe
windows10-2004-x64
10dll/WinSCP.exe
windows7-x64
6dll/WinSCP.exe
windows10-2004-x64
7Analysis
-
max time kernel
142s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
03-06-2024 12:06
Behavioral task
behavioral1
Sample
91b9cc02b2a3dde4f8f54ba3646c2cc2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
91b9cc02b2a3dde4f8f54ba3646c2cc2_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/advsplash.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/advsplash.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
PBWS32.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
PBWS32.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
baro.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
baro.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
dll/FreeImage.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
dll/FreeImage.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
dll/Interop.WIA.dll
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
dll/Interop.WIA.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
dll/MarkupConverter.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
dll/MarkupConverter.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
dll/PdfSharp.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
dll/PdfSharp.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
dll/RegAsm.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
dll/RegAsm.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
dll/SDD_TWAIN_SCANNER.dll
Resource
win7-20240419-en
Behavioral task
behavioral24
Sample
dll/SDD_TWAIN_SCANNER.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
dll/Saraff.Twain.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
dll/Saraff.Twain.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
dll/System.Drawing.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
dll/System.Drawing.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
dll/UzakYardim.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
dll/UzakYardim.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
dll/WinSCP.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
dll/WinSCP.exe
Resource
win10v2004-20240508-en
General
-
Target
dll/WinSCP.exe
-
Size
277KB
-
MD5
50c182293fef31782db383b5f5fb5a3f
-
SHA1
f884abacee9918bd3d454e531638aa16219d3f2b
-
SHA256
24e98f04948e730121af8c6f186b8b288a66bfdf88dcf4d11b7ef2878463bd89
-
SHA512
0399940f9661cbc156395700a0c3a5e6d69d02f7cb9bc43c7437cdcc4106e4e3a813ebd615e016e842b0ed93b14435f9134cd0d61a985b840fe922db65e6ba62
-
SSDEEP
6144:skdBy6tHmG676IS8i5cSXX6a8sg4iAA+KVI:By6tHe76IS8i5LXviAAje
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation WinSCP.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\G: WinSCP.exe File opened (read-only) \??\J: WinSCP.exe File opened (read-only) \??\R: WinSCP.exe File opened (read-only) \??\S: WinSCP.exe File opened (read-only) \??\V: WinSCP.exe File opened (read-only) \??\X: WinSCP.exe File opened (read-only) \??\A: WinSCP.exe File opened (read-only) \??\B: WinSCP.exe File opened (read-only) \??\H: WinSCP.exe File opened (read-only) \??\I: WinSCP.exe File opened (read-only) \??\M: WinSCP.exe File opened (read-only) \??\P: WinSCP.exe File opened (read-only) \??\Z: WinSCP.exe File opened (read-only) \??\E: WinSCP.exe File opened (read-only) \??\K: WinSCP.exe File opened (read-only) \??\L: WinSCP.exe File opened (read-only) \??\N: WinSCP.exe File opened (read-only) \??\U: WinSCP.exe File opened (read-only) \??\Y: WinSCP.exe File opened (read-only) \??\O: WinSCP.exe File opened (read-only) \??\Q: WinSCP.exe File opened (read-only) \??\T: WinSCP.exe File opened (read-only) \??\W: WinSCP.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 3104 WinSCP.exe 3104 WinSCP.exe 3104 WinSCP.exe 3104 WinSCP.exe