Overview
overview
7Static
static
75e804fca34...18.exe
windows7-x64
75e804fca34...18.exe
windows10-2004-x64
7$_14326_/Auth.dll
windows7-x64
3$_14326_/Auth.dll
windows10-2004-x64
3$_14326_/D...ad.dll
windows7-x64
1$_14326_/D...ad.dll
windows10-2004-x64
1$_14326_/E...er.exe
windows7-x64
7$_14326_/E...er.exe
windows10-2004-x64
7$_14326_/M...er.dll
windows7-x64
1$_14326_/M...er.dll
windows10-2004-x64
1$_14326_/P...ut.dll
windows7-x64
1$_14326_/P...ut.dll
windows10-2004-x64
1$_14326_/P...ll.dll
windows7-x64
1$_14326_/P...ll.dll
windows10-2004-x64
1$_14326_/P...ll.dll
windows7-x64
1$_14326_/P...ll.dll
windows10-2004-x64
3$_14326_/P...d3.dll
windows7-x64
1$_14326_/P...d3.dll
windows10-2004-x64
1$_14326_/P...ut.dll
windows7-x64
1$_14326_/P...ut.dll
windows10-2004-x64
3$_14326_/P...dk.dll
windows7-x64
1$_14326_/P...dk.dll
windows10-2004-x64
1$_14326_/P...ec.dll
windows7-x64
1$_14326_/P...ec.dll
windows10-2004-x64
3$_14326_/P...ec.dll
windows7-x64
1$_14326_/P...ec.dll
windows10-2004-x64
3$_14326_/P...nc.dll
windows7-x64
1$_14326_/P...nc.dll
windows10-2004-x64
3$_14326_/P...dr.dll
windows7-x64
1$_14326_/P...dr.dll
windows10-2004-x64
3$_14326_/P...on.dll
windows7-x64
1$_14326_/P...on.dll
windows10-2004-x64
3Analysis
-
max time kernel
13s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
20/07/2024, 01:26
Behavioral task
behavioral1
Sample
5e804fca3425d357d29d049938e61292_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
5e804fca3425d357d29d049938e61292_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$_14326_/Auth.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
$_14326_/Auth.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$_14326_/Decode_Thread.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
$_14326_/Decode_Thread.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$_14326_/Easy_CD_Ripper.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$_14326_/Easy_CD_Ripper.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$_14326_/MenuHandler.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
$_14326_/MenuHandler.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$_14326_/Plugin/DSOut.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
$_14326_/Plugin/DSOut.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$_14326_/Plugin/LameOpDll.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
$_14326_/Plugin/LameOpDll.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$_14326_/Plugin/MACDll.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral16
Sample
$_14326_/Plugin/MACDll.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$_14326_/Plugin/OutId3.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
$_14326_/Plugin/OutId3.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$_14326_/Plugin/WavOut.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
$_14326_/Plugin/WavOut.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$_14326_/Plugin/Wmaudsdk.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
$_14326_/Plugin/Wmaudsdk.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$_14326_/Plugin/aacdec.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
$_14326_/Plugin/aacdec.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$_14326_/Plugin/apedec.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
$_14326_/Plugin/apedec.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$_14326_/Plugin/apeenc.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
$_14326_/Plugin/apeenc.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$_14326_/Plugin/aspicdr.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
$_14326_/Plugin/aspicdr.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$_14326_/Plugin/ffccon.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
$_14326_/Plugin/ffccon.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
$_14326_/MenuHandler.dll
-
Size
134KB
-
MD5
e9a520e238b15e8601f4a4e690b680bb
-
SHA1
d21499e27eede6a0cbf10e47239a712e9a14baf8
-
SHA256
aa00b8df08f05bb2d432402210efacc5b37bd5ef26c55b6a1665d3bef88b11fa
-
SHA512
ec9184b51a67a9228cfe76c48bc1666e41ea2cd300be68cf7411b746b80c39ede9ab2c7c29fe7e3e395271441d002fbf0ba50904684bfc056b27266c01bad04e
-
SSDEEP
3072:+VAn6TgNpXE0nUau4gHSc+Thej63ls6SOcj+rRkmBUhJY6:g7MNfu61s6i+WmBu
Malware Config
Signatures
-
Modifies registry class 11 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8331A1DE-43C5-4F79-A2AE-0E656856B193}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Easy CD Ripper\ = "{8331A1DE-43C5-4F79-A2AE-0E656856B193}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8331A1DE-43C5-4F79-A2AE-0E656856B193} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8331A1DE-43C5-4F79-A2AE-0E656856B193}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Easy CD Ripper regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8331A1DE-43C5-4F79-A2AE-0E656856B193}\ = "Context Menu Shell Extension" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8331A1DE-43C5-4F79-A2AE-0E656856B193}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\$_14326_\\MenuHandler.dll" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29 PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29 PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29 PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29 PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29 PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29 PID 2904 wrote to memory of 2912 2904 regsvr32.exe 29