3General
-
Target
aadfd9f322ba0dbd314c98e50c897427_JaffaCakes118
-
Size
1.4MB
-
Sample
240614-vvq4ratckn
-
MD5
aadfd9f322ba0dbd314c98e50c897427
-
SHA1
856c227c0c3301cd2e8576e4130e0817da94f02a
-
SHA256
f048d6c021a1f189e86a0bb99b5010c3b43c7ca326e6f7aef1ef85c56060ff6f
-
SHA512
2c43f173640003a569b6d5cb0dee240031a112868e6d33cd642f5fa25dd205972e3ad9340dc084b8ee4b2c5b4842b2ad26cf822ceb6af6bf6ca1b68f07070a88
-
SSDEEP
24576:58QmqMQVIDKEDUmVcZqefKc54Aw28oSAP7zxBUxdbtJKLXceNRzzPji0dpnKMJLv:uQ1VIEiczxVAoSA/xB4KA4yExjLv
Static task
static1
Behavioral task
behavioral1
Sample
aadfd9f322ba0dbd314c98e50c897427_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
aadfd9f322ba0dbd314c98e50c897427_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
config.dll
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
config.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
douyou_duan-qzd.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
douyou_duan-qzd.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
iconAnimate.exe
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
iconAnimate.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
iconTips.exe
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
iconTips.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
uninst.exe
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
uninst.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240611-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
aadfd9f322ba0dbd314c98e50c897427_JaffaCakes118
-
Size
1.4MB
-
MD5
aadfd9f322ba0dbd314c98e50c897427
-
SHA1
856c227c0c3301cd2e8576e4130e0817da94f02a
-
SHA256
f048d6c021a1f189e86a0bb99b5010c3b43c7ca326e6f7aef1ef85c56060ff6f
-
SHA512
2c43f173640003a569b6d5cb0dee240031a112868e6d33cd642f5fa25dd205972e3ad9340dc084b8ee4b2c5b4842b2ad26cf822ceb6af6bf6ca1b68f07070a88
-
SSDEEP
24576:58QmqMQVIDKEDUmVcZqefKc54Aw28oSAP7zxBUxdbtJKLXceNRzzPji0dpnKMJLv:uQ1VIEiczxVAoSA/xB4KA4yExjLv
Score 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system. This is routine for installers checking for a previous installation and is not malicious on its own.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. Before treating this sample as a bootkit, confirm in the behavioral trace that the write actually targets sector 0 of the physical disk rather than being a generic raw-disk access. Note that the sample is an NSIS installer (the $PLUGINSDIR/*.dll files are standard NSIS plugins); FindProcDLL/KillProcDLL give it the ability to locate and terminate running processes, so the full installed payload should be assessed from the dropped files rather than from the installer stub alone.
-
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
3KB
-
MD5
8614c450637267afacad1645e23ba24a
-
SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
-
SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
-
SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score 3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
d753362649aecd60ff434adf171a4e7f
-
SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0
-
SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
-
SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
SSDEEP
192:3Gs+dH4+oQOTgDbzuNfrigyULWsXXZF/01JJijnK72dwF7dBEnbok:3GvdH4qMebzPY2Vijn+BEnbo
Score 3/10
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score 3/10
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
94KB
-
MD5
0061a96c8ff17ad0927aae65b5dfe06b
-
SHA1
9d1bd69d930ccda683e6b7c2c0d1dbe3b54861fe
-
SHA256
2aaef1ed8a25097b3a807568daeffd3320fa29d6de66df90a57beaa8df8949cf
-
SHA512
c6b887a4e1682ba1e126c93bc4d886c7f1ce392f97866e631c5b8a945824cbefc9af2429a14c2dac3b16d97bd33195d4378a7e92ae53fdeb47197452d4d90fc4
-
SSDEEP
1536:0yy+i55jAPWrI5qXgcAZ5c4DB5G7NXE9eOO2xwN:3y+i5i+kEQcAZXGx0cr2xw
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
56a321bd011112ec5d8a32b2f6fd3231
-
SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78
-
SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
-
SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
SSDEEP
192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score 3/10
-
-
Target
config.dll
-
Size
1.0MB
-
MD5
b4d19749adaf9f2c42f06eff71b003cb
-
SHA1
6cae6493aca04be3b721df0c34f7b54b9b4f48ba
-
SHA256
d05b2b15a2338adbb2202ec480a5c9689247df4c175ee41a20ce1d03422193f2
-
SHA512
54a22826314925a7ea5b154dd81f880bfd33dd0fea238761c4a7d166248ffd0a0cb088f901f3fcadf03573ed7dc89353d96fefa8a236608535773d15ffbe834e
-
SSDEEP
24576:zGO1umTtkhLW/tD5BvnTSgGqelp3OVAKVHS8QmmAx:nuCtkh6/tD55nTSgylp+V7VHJQqx
Score 5/10
-
Drops file in System32 directory
Writing into System32 requires the installer to run elevated; identify which file is dropped and check whether it is a legitimately signed component or a candidate for persistence or DLL side-loading.
-
-
-
Target
douyou_duan-qzd.exe
-
Size
160KB
-
MD5
40c208e08b1442ce16683584757a553e
-
SHA1
fb9d56c453ee3d6f53941dae7a46aa46d4a403c4
-
SHA256
9eb97093a6e455ddd48b964b8d798da841c2fcb6bcc389826bb87b50dafe9c12
-
SHA512
1be251466b79ba40f04848c9db16ccc51f30730f689ea5d9783e15103da09a026b3b6392fbc17d1bf6277b5d63a001319b30ff3881c489a92e8a0cd4801f7177
-
SSDEEP
3072:ekuVKdiP6S1pdKMCcY4drE9tHC9fRgOIieWdWzwsI:jOc2pdYcY2rEb2gjWUO
Score 1/10
-
-
Target
iconAnimate.exe
-
Size
433KB
-
MD5
3a34833e5fdb190d6eb88d72635de31b
-
SHA1
118ba453d757321872afd58d43a6ab6e4ecf3bef
-
SHA256
f55dada0dbd393e37ee6134d3425d6224af8ad47c9e9d6a8eb70420c6902d473
-
SHA512
6f09ef3c008dca9c6114e346c738658aa116cec2e2a17d91daa1f8fd36861622643dcf18c196003fb54f29705f75e4f8d4d593d22a68ad24b9faa4c198b5369d
-
SSDEEP
6144:ElYIXLG7MMslVLukmKiuwv11rf1Ar3Q4Oc2pdYcY2rEb2gjWUp:Epi7MMmpiuwNV1Agc2pqQrEcUp
Score 1/10
-
-
Target
iconTips.exe
-
Size
409KB
-
MD5
1b2e79f1323546ff53879f0635f529d5
-
SHA1
9713b24fc5a5046a192d4d1acece3a34060cb870
-
SHA256
a43b376383cb1b6ec867aa4dfb005359152f874f518b2fe839e78a803d63f770
-
SHA512
b21ea156afc43d6b1cad0ae13e1ae6e04e7393d53e26415568ac26a1231aaf59e103195051d13a6c8983901948aa931afe28024d0a8807fa4499fea509a91d65
-
SSDEEP
6144:THAYGNMpEWvWj1MqgOMMqOc2pdYcY2rEb2gjWU3:TgYGNIEWvWjaiDc2pqQrEcU3
Score 1/10
-
-
Target
uninst.exe
-
Size
418KB
-
MD5
e77f23f79a593441197de7f9554aeabf
-
SHA1
5b7496c2229953452d8f381bd37b761bea53fd96
-
SHA256
1a6d1bae47abef8db6d33ab4f9efc451b2a99d432fe012208e88e6b27f2aa845
-
SHA512
d4bfb1ad630dfde11a2cdad656c59eb82f05dd79bd7c724cab89916bda5b04039e6c6f62f066de09a6b4947897da4e6e557d68be9f386e636e403b10cdff3648
-
SSDEEP
6144:F8LxBDOc2pdYcY2rEb2gjWU1sWahKVE86zTsHITcsJgYA1VDk8:Pc2pqQrEcU1EUW86zlTcsQXI8
Score 7/10
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. As with the parent installer, verify that the trace shows an actual sector-0 write before classifying this as a bootkit. The plugin set listed under this uninstaller appears to include inetc.dll (the NSIS download plugin), so the uninstall path may fetch remote content at runtime; capture network traffic when analysing it.
-
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
3KB
-
MD5
8614c450637267afacad1645e23ba24a
-
SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
-
SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
-
SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score 3/10
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
56a321bd011112ec5d8a32b2f6fd3231
-
SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78
-
SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
-
SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
SSDEEP
192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score 3/10
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
20KB
-
MD5
50fdadda3e993688401f6f1108fabdb4
-
SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a
-
SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6
-
SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8
-
SSDEEP
384:jQB2ZUVHUxgoJX0eBA6PcH85db+ya9cC0Ac9khYLMkIX0+G5xgZmT+m//a:j/UFeJ5S6PHLNa9cFam/
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
f832e4279c8ff9029b94027803e10e1b
-
SHA1
134ff09f9c70999da35e73f57b70522dc817e681
-
SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
-
SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
SSDEEP
96:ytJ6tC4jcY5rKhkfL9SYdKkcxM2DjDf3GEfKvBKav+Yx4yndY7ndS27gA:yyj6QS8HREf+BYYxbdqn420
Score 3/10