Overview
overview (score 7/10)
Static
static (score 3/10)
04ba6f6c5a...18.exe
windows7-x64 (score 7/10)
04ba6f6c5a...18.exe
windows10-2004-x64 (score 7/10)
$PLUGINSDI...ns.dll
windows7-x64 (score 3/10)
$PLUGINSDI...ns.dll
windows10-2004-x64 (score 3/10)
$PLUGINSDI...em.dll
windows7-x64 (score 3/10)
$PLUGINSDI...em.dll
windows10-2004-x64 (score 3/10)
$PROGRAMFI...er.exe
windows7-x64 (score 1/10)
$PROGRAMFI...er.exe
windows10-2004-x64 (score 1/10)
$PROGRAMFI...ck.dll
windows7-x64 (score 6/10)
$PROGRAMFI...ck.dll
windows10-2004-x64 (score 6/10)
$PROGRAMFI...an.dll
windows7-x64 (score 1/10)
$PROGRAMFI...an.dll
windows10-2004-x64 (score 1/10)
$PROGRAMFI...rd.exe
windows7-x64 (score 1/10)
$PROGRAMFI...rd.exe
windows10-2004-x64 (score 1/10)
$PROGRAMFI...es.dll
windows7-x64 (score 1/10)
$PROGRAMFI...es.dll
windows10-2004-x64 (score 1/10)
$PROGRAMFI...up.exe
windows7-x64 (score 1/10)
$PROGRAMFI...up.exe
windows10-2004-x64 (score 1/10)
uninstall.exe
windows7-x64 (score 7/10)
uninstall.exe
windows10-2004-x64 (score 7/10)
$PLUGINSDI...ns.dll
windows7-x64 (score 3/10)
$PLUGINSDI...ns.dll
windows10-2004-x64 (score 3/10)
$PLUGINSDI...LL.dll
windows7-x64 (score 3/10)
$PLUGINSDI...LL.dll
windows10-2004-x64 (score 3/10)
$PLUGINSDI...em.dll
windows7-x64 (score 3/10)
$PLUGINSDI...em.dll
windows10-2004-x64 (score 3/10)
General
-
Target
04ba6f6c5a7d94bd3c832588929879c1_JaffaCakes118
-
Size
843KB
-
Sample
240620-lfqd8szfle
-
MD5
04ba6f6c5a7d94bd3c832588929879c1
-
SHA1
840e235b29ed12eeb86f8a9acef01750d8c1a970
-
SHA256
a9932a15a192daf4eeae3e0d15f5c583508d5a97a825c5f829744b012891651f
-
SHA512
09060e01eb2f05d135f5039589be0df0e6db2c89632ec4ca296d00a0b08bb4b8fd4b817424b3102a391c7d55d75d727a9e7b967f4de37499bdfa082603dd6d89
-
SSDEEP
24576:mmamxLMXs8CP6/XH+z05ERPddw+OmqNZXeFrTH2:Zxgc7S/XHD5yPbw+BQ1
Static task
static1
Behavioral task
behavioral1
Sample
04ba6f6c5a7d94bd3c832588929879c1_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
04ba6f6c5a7d94bd3c832588929879c1_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PROGRAMFILES/winguard/launcher.exe
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
$PROGRAMFILES/winguard/launcher.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$PROGRAMFILES/winguard/wgblock.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PROGRAMFILES/winguard/wgblock.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PROGRAMFILES/winguard/wgclean.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
$PROGRAMFILES/winguard/wgclean.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PROGRAMFILES/winguard/winguard.exe
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
$PROGRAMFILES/winguard/winguard.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PROGRAMFILES/winguard/winguardres.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PROGRAMFILES/winguard/winguardres.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
$PROGRAMFILES/winguard/winguardup.exe
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
$PROGRAMFILES/winguard/winguardup.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
uninstall.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
uninstall.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
04ba6f6c5a7d94bd3c832588929879c1_JaffaCakes118
-
Size
843KB
-
MD5
04ba6f6c5a7d94bd3c832588929879c1
-
SHA1
840e235b29ed12eeb86f8a9acef01750d8c1a970
-
SHA256
a9932a15a192daf4eeae3e0d15f5c583508d5a97a825c5f829744b012891651f
-
SHA512
09060e01eb2f05d135f5039589be0df0e6db2c89632ec4ca296d00a0b08bb4b8fd4b817424b3102a391c7d55d75d727a9e7b967f4de37499bdfa082603dd6d89
-
SSDEEP
24576:mmamxLMXs8CP6/XH+z05ERPddw+OmqNZXeFrTH2:Zxgc7S/XHD5yPbw+BQ1
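Score 7/10
Loads dropped DLL (generic behavioural signature: the $PLUGINSDIR DLLs listed below carry the names of NSIS installer plugins, which an installer unpacks and loads at run time, so this signature alone does not show malicious intent; weigh it against the per-file results for the installed payloads)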
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781
-
SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f
-
SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
-
SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
-
SSDEEP
192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10
-
-
Target
$PROGRAMFILES/winguard/launcher.exe
-
Size
41KB
-
MD5
f99e0b49d491a5b0d48b57ae58a7f584
-
SHA1
8e907e5266140158525045f34c34a56a06ba0241
-
SHA256
26bbb72ba5b4c55d9a68dab2121c58bebbc0200b63c9b50fa0e68c8981e64133
-
SHA512
a2f45ba4f00f30fb3f0352f698577cc1804db48d82bd3db3cdf4428009476e7403927959c65b77fa0d19ac08e6e293236073e0a775bd99988a99e17e180eeaf3
-
SSDEEP
768:Sp8NuwB/6eC3a+HWTC6PLg994M3FE1xJZexBnm+aqDg4qtYMu76v//YXOeE:SQdCulTCyM32GvbDs+Mu76v//YXOf
Score 1/10
-
-
Target
$PROGRAMFILES/winguard/wgblock.dll
-
Size
216KB
-
MD5
8f2acc17aa7b217130ba3bb39335e93f
-
SHA1
f2f269c7975e30a395c66ea17f572d0e648855fa
-
SHA256
903c057cdded367f032dc9b27cbb89f1748220968df6dc43b7dd623e6955fd96
-
SHA512
ad17ebcf997742393a612cb852abbccb7e9e4640877a4142eb282348fa45be0e3a3d747c6dc5be50f3176c49b6334c2fe828d478f7f31ffd0adc77069347e9bb
-
SSDEEP
3072:kMqRMebRaOFNyc3lo4fNUg49iCF0USaYPPo3p1slFtQ:kMFsRaOFV3lo4lG9iC5RTZ
-
-
-
Target
$PROGRAMFILES/winguard/wgclean.dll
-
Size
56KB
-
MD5
f5ccc73f957543d8205e56155bc45125
-
SHA1
761629269e9c0edfedd9558970a9040be95e8bdd
-
SHA256
0d378c8b36436a14f708bb54dfeb0b2c4cbf16b30e5911e76869ecf654ed6d20
-
SHA512
aa60501cd04281ed88641e75a52c302d85e0ed8eb5144b9c06a750c07534f0844975f09b4e2bc5551cb10a4dde5f0e1d5d256fffcfdff2446d4f6b76e6723dde
-
SSDEEP
1536:/nKnhYt7HcwJD7DXqdST6jZeqJXxLx01S:0Yt78waV5JX5x08
Score 1/10
-
-
Target
$PROGRAMFILES/winguard/winguard.exe
-
Size
692KB
-
MD5
b700c89711b30e90e2f76b0007d56208
-
SHA1
60950ca9776ca55bf0a02692e93fbf6d066e2f12
-
SHA256
598c540febd9958c8bebbbc29d0331a8735d0d9058141c872dfa3d2588b44476
-
SHA512
cf0b8d66f767cc201495d85c95b046baf11dda86511120a2785503bcc3a0d33bf9d928bb1bd19488726b9a76e8e46491e1f013e821376f04e14c11d9c7128923
-
SSDEEP
12288:7qAOVI+/tAUv7GTURRNV1admlPlzNrZ5iZ9gGMC5ReiElki:23CEtRRN3admPkZ9o+wWi
Score 1/10
-
-
Target
$PROGRAMFILES/winguard/winguardres.dll
-
Size
396KB
-
MD5
424cb9ae24a35a7f48e1304edf1c609f
-
SHA1
caefb87e65e593fca9550cd30aab4064ea2ec5c0
-
SHA256
da281fae8bb7151c6c1122ba634ad0df30ccdbc9749b23007433f3c268e23fc4
-
SHA512
319fbe93185ece9c44c92978d074d4150669ab1b00cd01d3a893f5e03f25210368b841efd6d6daa3f1fe761db56affb4082d51cf765a45b6459215443f10909e
-
SSDEEP
12288:4gPugV5rt2Q+JdoyBHOftZn2QLj1FZqO5V99wz:4gPeJdY/71vJ
Score 1/10
-
-
Target
$PROGRAMFILES/winguard/winguardup.exe
-
Size
196KB
-
MD5
bccbadf2904d35f7ca10e7b76f965ddf
-
SHA1
074cc113f68fdbc306ee85f9c3137143abbac851
-
SHA256
66745ad23e3025eb03176a08c1810acc14e50446231064b67c9a1cb904401efe
-
SHA512
16d6d8ebe570d539f9c5e39ebe1c1f27bbd3d04445699d39ccb70063b64af27a6e6e34289ca4db15f98c595842124041cbb4a2a8f4366be84a4cf3509f8772b9
-
SSDEEP
3072:ie2lIX6EP1NGCy50Mq8o4fNUg49iCF0USaYGQfZxGnd8q:l2IX6q1NCKf8o4lG9iC5RFQRxGd8
Score 1/10
-
-
Target
uninstall.exe
-
Size
77KB
-
MD5
1bef23b1de9cdc0e67f1f7c8eb63765c
-
SHA1
b5464b95253570af74c79d64a1a4751c62923e0b
-
SHA256
249d47cf0d96c28096267d32cd75251b098b60a87b362da2d59b8459f0683aff
-
SHA512
9384657130b443cfd8ab14dd0c05553906765c8df339de5c0cd9a1357ad3da750ce04bd9ee54fc46ba4d39025680f36d780c3ca49fe7e40bb3cd2f936ec7af68
-
SSDEEP
1536:XQpQ5EP0ijnRTXJ9gdLeAyNzzpbpq/ppNfgXbGd9ZhK/5D69a:XQIURTXJ9ceAUbWpNf4CM5G9a
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781
-
SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f
-
SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
-
SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
-
SSDEEP
192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score 3/10
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
32KB
-
MD5
83142eac84475f4ca889c73f10d9c179
-
SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8
-
SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
-
SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
-
SSDEEP
384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10