Overview: score 10/10
Static: score 7/10

General
Target: 044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118
Size: 1.5MB
Sample: 240620-j6swyaxeqc
MD5: 044c89deeeb8702d9e7d6a8c13675a88
SHA1: 66d9f40590ed19af2fac0f2a9dfbe20eaa1db0e4
SHA256: 6de5093e6e65d25cd2b810da839168167b46d10e850ff25ccf0768ceb652fca8
SHA512: e02fbaf038391df2eb14d6ef67f68f26a8c07a74b951e9291043983b92c288ffd0fee1cc3568ead006f08113f092f04aedf6061423a2af923f975c17da7667d0
SSDEEP: 24576:Mikhaw92oZpMe6tgu54sEzpoiqU/BRhRnLR3tt1e+er4XkLy0Zlq8HHRriUoVV/:MFhauZGeUgu54tqOB7Bj2+er4XS9n6v/

Behavioral tasks (task: sample, platform, sandbox image, per-task score)
behavioral1: 044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118.exe, windows7-x64, win7-20240611-en, score 7/10
behavioral2: 044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118.exe, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral3: $PLUGINSDIR/delay.dll, windows7-x64, win7-20240419-en, score 3/10
behavioral4: $PLUGINSDIR/delay.dll, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral5: $PLUGINSDIR/installoptions.dll, windows7-x64, win7-20240611-en, score 3/10
behavioral6: $PLUGINSDIR/installoptions.dll, windows10-2004-x64, win10v2004-20240226-en, score 3/10
behavioral7: $PLUGINSDIR/killprocdll.dll, windows7-x64, win7-20240508-en, score 3/10
behavioral8: $PLUGINSDIR/killprocdll.dll, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral9: $PLUGINSDIR/nsWeb.dll, windows7-x64, win7-20240508-en, score 3/10
behavioral10: $PLUGINSDIR/nsWeb.dll, windows10-2004-x64, win10v2004-20240508-en, score 3/10
behavioral11: $PLUGINSDIR/nsweb.dll, windows7-x64, win7-20240508-en, score 3/10
behavioral12: $PLUGINSDIR/nsweb.dll, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral13: $PLUGINSDIR/startmenu.dll, windows7-x64, win7-20240419-en, score 3/10
behavioral14: $PLUGINSDIR/startmenu.dll, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral15: $PLUGINSDIR/system.dll, windows7-x64, win7-20231129-en, score 3/10
behavioral16: $PLUGINSDIR/system.dll, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral17: $PLUGINSDIR/textreplace.dll, windows7-x64, win7-20240508-en, score 3/10
behavioral18: $PLUGINSDIR/textreplace.dll, windows10-2004-x64, win10v2004-20240611-en, score 3/10
behavioral19: $PLUGINSDIR/time.dll, windows7-x64, win7-20240221-en, score 3/10
behavioral20: $PLUGINSDIR/time.dll, windows10-2004-x64, win10v2004-20240508-en, score 3/10
behavioral21: $PROGRAM_FILES/Baidu/bar/TempData.dll, windows7-x64, win7-20240508-en, score 7/10
behavioral22: $PROGRAM_FILES/Baidu/bar/TempData.dll, windows10-2004-x64, win10v2004-20240508-en, score 7/10
behavioral23: $PROGRAM_FILES/Baidu/bar/baidubar.dll, windows7-x64, win7-20240611-en, score 7/10
behavioral24: $PROGRAM_FILES/Baidu/bar/baidubar.dll, windows10-2004-x64, win10v2004-20240226-en, score 7/10
behavioral25: $PROGRAM_FILES_COMMON/NSISLog/Lang2052.exe, windows7-x64, win7-20240221-en, score 8/10
behavioral26: $PROGRAM_FILES_COMMON/NSISLog/Lang2052.exe, windows10-2004-x64, win10v2004-20240611-en, score 8/10
behavioral27: Lang2052.exe, windows7-x64, win7-20240611-en, score 8/10
behavioral28: Lang2052.exe, windows10-2004-x64, win10v2004-20240508-en, score 8/10
behavioral29: file,diz.exe, windows7-x64, win7-20240611-en, score 10/10
behavioral30: file,diz.exe, windows10-2004-x64, win10v2004-20240611-en, score 10/10
behavioral31: pg2.exe, windows7-x64, win7-20231129-en, score 1/10
behavioral32: pg2.exe, windows10-2004-x64, win10v2004-20240508-en, score 1/10
Malware Config
Targets

Target: 044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118
Size: 1.5MB
MD5: 044c89deeeb8702d9e7d6a8c13675a88
SHA1: 66d9f40590ed19af2fac0f2a9dfbe20eaa1db0e4
SHA256: 6de5093e6e65d25cd2b810da839168167b46d10e850ff25ccf0768ceb652fca8
SHA512: e02fbaf038391df2eb14d6ef67f68f26a8c07a74b951e9291043983b92c288ffd0fee1cc3568ead006f08113f092f04aedf6061423a2af923f975c17da7667d0
SSDEEP: 24576:Mikhaw92oZpMe6tgu54sEzpoiqU/BRhRnLR3tt1e+er4XkLy0Zlq8HHRriUoVV/:MFhauZGeUgu54tqOB7Bj2+er4XS9n6v/
Score: 7/10
Signatures:
- Loads dropped DLL

Target: $PLUGINSDIR/delay.dll
Size: 20KB
MD5: 215c1893e3256fb90e60b7544034964f
SHA1: 4095c6963194d5e0d738d0c7c2da2bd943c260f7
SHA256: 020431d04975ec2742921e0ebc6d6c25d7d33147e23979945546e77ada25c27e
SHA512: 7eecc83c8752b3531f7a1784aef055f7462f6bc186442012f7b75b4ce143160c1e4f317cb8927e8ad69bd9ef70ffecef5d4195025e5b058727567ad2c856dfb4
SSDEEP: 96:PQ0iukkmFO9+R/ckkCN3jPp6OAVGsJ3s6E3qLlz:Pbifb105C5wOAVrE3qLlz
Score: 3/10

Target: $PLUGINSDIR/installoptions.dll
Size: 12KB
MD5: 1d5c649dde35003a618b9679d5d71b92
SHA1: 0409bbab3ab34f8c01289cdd847b4d1a32d05b18
SHA256: 0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
SHA512: b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
SSDEEP: 384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score: 3/10

Target: $PLUGINSDIR/killprocdll.dll
Size: 32KB
MD5: 83142eac84475f4ca889c73f10d9c179
SHA1: dbe43c0de8ef881466bd74861b2e5b17598b5ce8
SHA256: ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
SHA512: 1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
SSDEEP: 384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score: 3/10

Target: $PLUGINSDIR/nsWeb.dll
Size: 8KB
MD5: 84bcf3c71e70d5a6e9dc07d70466bdc3
SHA1: 31603a1afc2d767a3392d363ff61533beaa25359
SHA256: 7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
SHA512: 61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
SSDEEP: 96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
Score: 3/10

Target: $PLUGINSDIR/nsweb.dll
Size: 8KB
MD5: 84bcf3c71e70d5a6e9dc07d70466bdc3
SHA1: 31603a1afc2d767a3392d363ff61533beaa25359
SHA256: 7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf
SHA512: 61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e
SSDEEP: 96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
Score: 3/10

Target: $PLUGINSDIR/startmenu.dll
Size: 6KB
MD5: 5aae8598d8b53bcec81d8e8c8a6732f9
SHA1: d071fcc74a107c7d7bc5a493d305b00976b07464
SHA256: be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4
SHA512: d20af152b9d1903cd9cd0ff584f14f95ee69cd7149c9ef9369257d08659d1a7ab5860055b39ebd0ead67cfc31da2571175623a5676116ce999acea2b7a643c1d
SSDEEP: 96:VLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsBQhEfP0:VLjPk8OT30FFAmCP0
Score: 3/10

Target: $PLUGINSDIR/system.dll
Size: 10KB
MD5: 4eff5fafd746f5decb93a44e3a3d570c
SHA1: a11aa7681b7e2df1c7f7492a127d332d1495ea8a
SHA256: cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
SHA512: cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
SSDEEP: 192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score: 3/10

Target: $PLUGINSDIR/textreplace.dll
Size: 6KB
MD5: 2c50b9443f7964fcf3a3cb8e9d05aaae
SHA1: 16221ad7e65e696531408875cfc9a1e1cdf2c33d
SHA256: 023334022250071efc6bfe5fa67704ea971eb0007fda9c4b9fb92df16cfde29e
SHA512: 4d6ea4141a68140f93736703428cd44962234c314e40dbfb11390bf3aa191fcea057c22e5a34422fefafa19d499cf50381160212986cd4e5a7fdf027f7f4a0a3
SSDEEP: 96:VyGX30PlRxQfRCPnaaF4hWJYd4DgxiBRVlYv:cBlRufRCPaaF4pd4DAiBR
Score: 3/10

Target: $PLUGINSDIR/time.dll
Size: 11KB
MD5: 4b1d347d9274af9ce986fc94510e8bfb
SHA1: fa433988760655a97ed44dbfb705ddb72d241569
SHA256: 1c95542372399593b4140b4c86385a441a095546954cf237cda3d09d14354d70
SHA512: 577f1142cc8085a52347fea505c8d1eab8b2c429238899ff63ed94d2e6fb1662ab3ca9f7b68f7454ffac43c525ae4de58c9bbd9a8b2ce7d6c481d96b72859dc9
SSDEEP: 192:oNLwTnfu/972naHpZnasamcn/baTa5YbveFumiBRWpA/E:oNLwzuZ2afa7mcn/+W5YzMcMp
Score: 3/10

Target: $PROGRAM_FILES/Baidu/bar/TempData.KGB
Size: 584KB
MD5: 0c8ed82bce60e5e2860d9daa28289267
SHA1: 5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
SHA256: 89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
SHA512: 2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830
SSDEEP: 12288:iIS8w5m7/8D9eaX2E4M+j252A2dITSfHe:iIAwwx4M+i52+
Score: 7/10
Signatures:
- Loads dropped DLL

Target: $PROGRAM_FILES/Baidu/bar/baidubar.dll
Size: 584KB
MD5: 0c8ed82bce60e5e2860d9daa28289267
SHA1: 5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
SHA256: 89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
SHA512: 2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830
SSDEEP: 12288:iIS8w5m7/8D9eaX2E4M+j252A2dITSfHe:iIAwwx4M+i52+
Score: 7/10
Signatures:
- Loads dropped DLL

Target: $PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
Size: 392KB
MD5: 6f7c5b0aa8efb062cc3bd02a322111c3
SHA1: 204fc1afe73a9571ea833787b2259cc84bb59781
SHA256: ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
SHA512: 1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
SSDEEP: 6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Drops file in System32 directory

Target: Lang2052.DAT
Size: 392KB
MD5: 6f7c5b0aa8efb062cc3bd02a322111c3
SHA1: 204fc1afe73a9571ea833787b2259cc84bb59781
SHA256: ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c
SHA512: 1acf42eb0dd3daaeb0cffb589c15844790109bbfcc29cd353a1cfed11f846c4b817342b62913589707c9e1888d22f613b4a341ff403f46393ff39717c2a09106
SSDEEP: 6144:WpSRTGEOMVBT5IpP1JKTHyjaymgiOtwNSF6Diukeg0kJ8XvaG1ynqmcI6:W6OvgMmPjc6DivTJ8/aG1EqmA
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Drops file in System32 directory

Target: file,diz.thx
Size: 66KB
MD5: 77bd8e0ee1b801c9f546b5a7a6c5da5f
SHA1: 15f0e2a3c683b990bba6112e50e64d80f72b9967
SHA256: 8b7750316de4287d3b7a58a53ed7827ca47538959622d2924325e08bf1e17c2e
SHA512: 3f6ef1c1046366975f8f83a7467d9d06121f8e8ccf6254d0569910131c1699838aa6e6c35e9bf2d8b81e5b60d413a0a115fcfee519ccf72ef75939c1ca1fd5e7
SSDEEP: 1536:PC6is4dqxjrV+/+4uhr976ST4TBP3gTnAqwvmY:findqxjrVh1976SkxGAeY
Score: 10/10
Signatures:
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL

Target: pg2.exe
Size: 783KB
MD5: 214b5e18baaeb8b397a29e68dcfac231
SHA1: 0d6c65b4591fd08d1b3bb955aaf543cdac43e187
SHA256: 7cdd5bc733f47d2a8e57e19ecdefb11e320f4729bd4f9bf0d721bfd2b402c48c
SHA512: dc233b3ef7d73fb8426e12445b02ee5fc2cc17ea9ace13bc12845ebdfc9ecd3b85b13e0fd4051f15be0037dc200ddd5b2da59ae78417d80698b152d91543c4f7
SSDEEP: 12288:Tpq1gdA9qZpVLBa5JGIGQvTppZmm3ySV5ScgACs:U5UZp505JRGQLp/733VR9z
Score: 1/10
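The Targets table lists one entry per path, so the same file shows up several times: nsWeb.dll and nsweb.dll share a SHA256, as do TempData.KGB and baidubar.dll, and Lang2052.DAT appears under two paths. The following Python is an added example, not part of the report or of the sandbox's own tooling: it collapses the table into one entry per SHA256, keeps every path, the highest score any copy reached and the union of signatures, and produces a ranked hunt list. The records are transcribed from the Targets section above; nothing in the data is new.

```python
"""Collapse a sandbox report's per-path Targets table into a hash-keyed IOC
inventory: one entry per SHA256, all paths it was seen under, the highest
score any copy reached, and the union of its signatures.  (Added example.)"""
import re
from dataclasses import dataclass

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


@dataclass(frozen=True)
class Target:
    name: str
    sha256: str
    score: int                # the report's per-target score, 1..10
    signatures: tuple = ()    # signature names listed under that target


# Transcribed from the Targets section above; nothing here is new data.
LANG2052_SIGS = ("Drops file in Drivers directory", "Sets service image path in registry",
                 "Executes dropped EXE", "Loads dropped DLL", "Adds Run key to start application",
                 "Checks installed software on the system", "Drops file in System32 directory")
TARGETS = [
    Target("044c89deeeb8702d9e7d6a8c13675a88_JaffaCakes118",
           "6de5093e6e65d25cd2b810da839168167b46d10e850ff25ccf0768ceb652fca8", 7, ("Loads dropped DLL",)),
    Target("$PLUGINSDIR/delay.dll", "020431d04975ec2742921e0ebc6d6c25d7d33147e23979945546e77ada25c27e", 3),
    Target("$PLUGINSDIR/installoptions.dll", "0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f", 3),
    Target("$PLUGINSDIR/killprocdll.dll", "ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729", 3),
    Target("$PLUGINSDIR/nsWeb.dll", "7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf", 3),
    Target("$PLUGINSDIR/nsweb.dll", "7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf", 3),
    Target("$PLUGINSDIR/startmenu.dll", "be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4", 3),
    Target("$PLUGINSDIR/system.dll", "cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5", 3),
    Target("$PLUGINSDIR/textreplace.dll", "023334022250071efc6bfe5fa67704ea971eb0007fda9c4b9fb92df16cfde29e", 3),
    Target("$PLUGINSDIR/time.dll", "1c95542372399593b4140b4c86385a441a095546954cf237cda3d09d14354d70", 3),
    Target("$PROGRAM_FILES/Baidu/bar/TempData.KGB",
           "89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13", 7, ("Loads dropped DLL",)),
    Target("$PROGRAM_FILES/Baidu/bar/baidubar.dll",
           "89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13", 7, ("Loads dropped DLL",)),
    Target("$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT",
           "ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c", 8, LANG2052_SIGS),
    Target("Lang2052.DAT", "ebc13d0a0e033ba82d6dbfacc1152fb3d9b7d3ee4836f1da5833a0c13ce04c5c", 8, LANG2052_SIGS),
    Target("file,diz.thx", "8b7750316de4287d3b7a58a53ed7827ca47538959622d2924325e08bf1e17c2e", 10,
           ("Modifies firewall policy service", "Executes dropped EXE", "Loads dropped DLL")),
    Target("pg2.exe", "7cdd5bc733f47d2a8e57e19ecdefb11e320f4729bd4f9bf0d721bfd2b402c48c", 1),
]


def build_inventory(targets):
    """One group per SHA256.  A malformed digest raises instead of quietly
    becoming its own group, because a bad IOC pushed to EDR matches nothing."""
    groups = {}
    for t in targets:
        digest = t.sha256.strip().lower()
        if not SHA256_RE.match(digest):
            raise ValueError(f"{t.name}: not a SHA256 digest: {t.sha256!r}")
        g = groups.setdefault(digest, {"sha256": digest, "paths": [], "score": 0, "signatures": set()})
        if t.name not in g["paths"]:
            g["paths"].append(t.name)
        g["score"] = max(g["score"], t.score)
        g["signatures"].update(t.signatures)
    # Highest score first; ties broken by digest so the order is reproducible.
    return sorted(groups.values(), key=lambda g: (-g["score"], g["sha256"]))


def hunt_list(targets, min_score=7):
    """Digests worth a retro-hunt: everything at or above min_score."""
    return [g["sha256"] for g in build_inventory(targets) if g["score"] >= min_score]


def aliased(targets):
    """Groups seen under more than one path (renames and case-only variants)."""
    return [g for g in build_inventory(targets) if len(g["paths"]) > 1]


if __name__ == "__main__":
    for g in build_inventory(TARGETS):
        print(f'{g["score"]:>2}/10  {g["sha256"]}  {" | ".join(g["paths"])}')
```

Run as a script it prints the 13 distinct files in score order; the 16 rows of the table reduce to 13 digests, and the default threshold of 7 yields a four-hash hunt list (file,diz.thx, Lang2052.DAT, the installer itself and the Baidu bar DLL). Only SHA256 is used as the key; the MD5 and SHA1 values on the page would group identically here but are weaker identifiers for sharing with other teams.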
MITRE ATT&CK Enterprise v15 (the number after each entry is the count shown beside it in the report)
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 2
- Browser Extensions (T1176): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 2
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
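The signature names in the Targets section (Run key added, service ImagePath set, firewall policy modified, files dropped into Drivers and System32) describe host changes that can also be matched in endpoint telemetry. The following Python is an added example, written here and not taken from the report or from the sandbox vendor: it runs a small rule set keyed to those signature names, with the ATT&CK IDs from the section above where the report lists one, over Sysmon-style events. The registry and file paths in the rules are my assumptions about what each signature name implies, not locations recorded in this report; the sample events, value names, service name and driver name are constructed. "Checks installed software on the system" is a registry read, which Sysmon does not log, so it has no rule here.

```python
"""Match Sysmon-style host events against the behaviours this report names
and the ATT&CK techniques its MITRE section lists.  (Added example.)"""
import re
from dataclasses import dataclass
from typing import Optional

FILE_CREATE, REG_VALUE_SET = 11, 13   # Sysmon event IDs


@dataclass(frozen=True)
class Event:
    event_id: int
    image: str    # process that performed the write
    target: str   # file path (event 11) or registry value path (event 13)


@dataclass(frozen=True)
class Rule:
    signature: str            # wording as used in the report above
    technique: Optional[str]  # ATT&CK ID where the report's MITRE section gives one
    event_id: int
    pattern: re.Pattern


# The paths below are my reading of what each signature name implies; they are
# assumptions for this example, not locations recorded in the report.
RULES = (
    Rule("Adds Run key to start application", "T1547.001", REG_VALUE_SET,
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    Rule("Sets service image path in registry", "T1543.003", REG_VALUE_SET,
         re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)),
    Rule("Modifies firewall policy service", None, REG_VALUE_SET,
         re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
    Rule("Drops file in Drivers directory", None, FILE_CREATE,
         re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)),
    Rule("Drops file in System32 directory", None, FILE_CREATE,
         re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)),
)


def match_event(event):
    """Every rule the event satisfies.  The drivers directory lies under
    System32, so one .sys write yields both signatures, as the report lists."""
    return [r for r in RULES if r.event_id == event.event_id and r.pattern.search(event.target)]


def summarize(events):
    """Per process image (basename, lower-cased): sorted signatures and techniques."""
    seen = {}
    for ev in events:
        hits = match_event(ev)
        if not hits:
            continue
        image = ev.image.rsplit("\\", 1)[-1].lower()
        entry = seen.setdefault(image, {"signatures": set(), "techniques": set()})
        entry["signatures"].update(r.signature for r in hits)
        entry["techniques"].update(r.technique for r in hits if r.technique)
    return {img: {k: sorted(v) for k, v in e.items()} for img, e in seen.items()}


# Constructed telemetry.  Process locations follow the report's drop paths;
# the value names, service name and driver name are placeholders.
LANG = r"C:\Program Files\Common Files\NSISLog\Lang2052.exe"
SAMPLE_EVENTS = (
    Event(REG_VALUE_SET, LANG, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleBar"),
    Event(REG_VALUE_SET, LANG, r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath"),
    Event(FILE_CREATE, LANG, r"C:\Windows\System32\drivers\example.sys"),
    Event(REG_VALUE_SET, r"C:\Users\user\AppData\Local\Temp\file,diz.exe",
          r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall"),
    Event(FILE_CREATE, r"C:\Users\user\AppData\Local\Temp\pg2.exe", r"C:\Users\user\AppData\Local\Temp\pg2.log"),
)

if __name__ == "__main__":
    for image, result in summarize(SAMPLE_EVENTS).items():
        print(image, result["techniques"], *result["signatures"], sep="\n  ")
```

The Run-key rule requires a value directly under Run or RunOnce, so writes to neighbouring keys such as RunServices do not fire; the ImagePath rule accepts any control set, since services written under ControlSet001 become CurrentControlSet on the next boot. Events from pg2.exe produce no output, matching its 1/10 score in the report.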