531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b

Submit
Reports

Overview

overview

Static

static

5f614b3d2a...18.exe

windows7-x64

5f614b3d2a...18.exe

windows10-2004-x64

$PLUGINSDI...in.dll

windows7-x64

$PLUGINSDI...in.dll

windows10-2004-x64

$PLUGINSDI...rt.dll

windows7-x64

$PLUGINSDI...rt.dll

windows10-2004-x64

$PLUGINSDIR/Base.dll

windows7-x64

$PLUGINSDIR/Base.dll

windows10-2004-x64

$PLUGINSDI...er.dll

windows7-x64

$PLUGINSDI...er.dll

windows10-2004-x64

$PLUGINSDI...ol.dll

windows7-x64

$PLUGINSDI...ol.dll

windows10-2004-x64

$PLUGINSDI...rt.dll

windows7-x64

$PLUGINSDI...rt.dll

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

$PLUGINSDI...em.dll

windows10-2004-x64

$PLUGINSDIR/Utils.dll

windows7-x64

$PLUGINSDIR/Utils.dll

windows10-2004-x64

$PLUGINSDI...00.dll

windows7-x64

$PLUGINSDI...00.dll

windows10-2004-x64

$PLUGINSDI...00.dll

windows7-x64

$PLUGINSDI...00.dll

windows10-2004-x64

$_15_/Baid...ce.dll

windows7-x64

$_15_/Baid...ce.dll

windows10-2004-x64

$_15_/Baid...ll.dll

windows7-x64

$_15_/Baid...ll.dll

windows10-2004-x64

$_15_/Baid...ot.exe

windows7-x64

$_15_/Baid...ot.exe

windows10-2004-x64

BDDocker.dll

windows7-x64

BDDocker.dll

windows10-2004-x64

BDDocker.exe

windows7-x64

BDDocker.exe

windows10-2004-x64

Analysis

max time kernel
135s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 06:29

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118.exe

Resource

win7-20240708-en

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118.exe

Resource

win10v2004-20240709-en

bootkit discovery persistence

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/BDMSkin.dll

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/BDMSkin.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/BaiduReport.dll

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

$PLUGINSDIR/BaiduReport.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

$PLUGINSDIR/Base.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

$PLUGINSDIR/Base.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

$PLUGINSDIR/InstallHelper.dll

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

$PLUGINSDIR/InstallHelper.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

$PLUGINSDIR/Protocol.dll

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

$PLUGINSDIR/Protocol.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

$PLUGINSDIR/Report.dll

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

$PLUGINSDIR/Report.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

$PLUGINSDIR/System.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

$PLUGINSDIR/Utils.dll

Resource

win7-20240705-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

$PLUGINSDIR/Utils.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

$PLUGINSDIR/msvcp100.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

$PLUGINSDIR/msvcp100.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

$PLUGINSDIR/msvcr100.dll

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

$PLUGINSDIR/msvcr100.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

$_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

$_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

$_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

$_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

$_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

$_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

BDDocker.dll

Resource

win7-20240704-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral30

Sample

BDDocker.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

BDDocker.exe

Resource

win7-20240704-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral32

Sample

BDDocker.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

$_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll
Size

78KB
MD5

cb2890bd544ecc0d442bc09429e2099a
SHA1

bd45300e1d7b8c79aa0e14c1dd59ae7c24d4d7bf
SHA256

a7c0f7988c03bb47b691bf7089738d67f0f31366cb1a8a4aefa18ed3914b7388
SHA512

e8e15555b62b56fdfc15eb109308075650d96dd0415cc508a865ec69151d2601d2ce06b943822b6b74057abf8033c93ccfa54bfe4f90308959925793a13a70b2
SSDEEP

1536:ZfoGCAKT/A2Nu4ESO2C5Cfv9Uc04HSzt4tJhIxtrE63TOfDOak0:RoG9KTIZ4EShC5Cfv9Uc7SuIrE63TOf+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 4312	4072	rundll32.exe	86
PID 4072 wrote to memory of 4312	4072	rundll32.exe	86
PID 4072 wrote to memory of 4312	4072	rundll32.exe	86

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_15_\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_15_\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll,#1
  2⤵
  PID:4312

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads