Overview
overview
3Static
static
3640539e88d...18.exe
windows7-x64
3640539e88d...18.exe
windows10-2004-x64
3$COMMONFIL...er.dll
windows7-x64
1$COMMONFIL...er.dll
windows10-2004-x64
1$COMMONFIL...VC.dll
windows7-x64
1$COMMONFIL...VC.dll
windows10-2004-x64
1$COMMONFIL...er.dll
windows7-x64
1$COMMONFIL...er.dll
windows10-2004-x64
1$COMMONFIL...er.dll
windows7-x64
1$COMMONFIL...er.dll
windows10-2004-x64
1$COMMONFIL...er.dll
windows7-x64
1$COMMONFIL...er.dll
windows10-2004-x64
1$COMMONFIL...ec.dll
windows7-x64
1$COMMONFIL...ec.dll
windows10-2004-x64
1$COMMONFIL...xr.dll
windows7-x64
1$COMMONFIL...xr.dll
windows10-2004-x64
1$COMMONFIL...nt.dll
windows7-x64
1$COMMONFIL...nt.dll
windows10-2004-x64
1$COMMONFIL...52.dll
windows7-x64
1$COMMONFIL...52.dll
windows10-2004-x64
1$COMMONFIL...ts.dll
windows7-x64
1$COMMONFIL...ts.dll
windows10-2004-x64
1$COMMONFIL...d2.dll
windows7-x64
1$COMMONFIL...d2.dll
windows10-2004-x64
1$COMMONFIL...ad.dll
windows7-x64
1$COMMONFIL...ad.dll
windows10-2004-x64
1$COMMONFIL...ac.dll
windows7-x64
1$COMMONFIL...ac.dll
windows10-2004-x64
1$COMMONFIL...ra.dll
windows7-x64
1$COMMONFIL...ra.dll
windows10-2004-x64
1$COMMONFIL...or.dll
windows7-x64
1$COMMONFIL...or.dll
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
22/07/2024, 17:01
Static task
static1
Behavioral task
behavioral1
Sample
640539e88d682393ee45b8486355f449_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
640539e88d682393ee45b8486355f449_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$COMMONFILES/QvodPlayer/Codecs/AviSplitter.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
$COMMONFILES/QvodPlayer/Codecs/AviSplitter.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$COMMONFILES/QvodPlayer/Codecs/CoreAVC.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
$COMMONFILES/QvodPlayer/Codecs/CoreAVC.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$COMMONFILES/QvodPlayer/Codecs/FLVSplitter.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
$COMMONFILES/QvodPlayer/Codecs/FLVSplitter.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$COMMONFILES/QvodPlayer/Codecs/cddareader.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
$COMMONFILES/QvodPlayer/Codecs/cddareader.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$COMMONFILES/QvodPlayer/Codecs/cdxareader.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
$COMMONFILES/QvodPlayer/Codecs/cdxareader.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$COMMONFILES/QvodPlayer/Codecs/divxdec.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
$COMMONFILES/QvodPlayer/Codecs/divxdec.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$COMMONFILES/QvodPlayer/Codecs/dxr.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
$COMMONFILES/QvodPlayer/Codecs/dxr.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_kerneldeint.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_kerneldeint.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_liba52.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_liba52.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_libdts.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_libdts.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_libfaad2.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_libfaad2.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_libmad.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_libmad.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_realaac.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_realaac.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_theora.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral30
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_theora.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_tremor.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
$COMMONFILES/QvodPlayer/Codecs/ff_tremor.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
$COMMONFILES/QvodPlayer/Codecs/ff_liba52.dll
-
Size
36KB
-
MD5
01092fc2f8af2cbe9b81fca494f1d6ca
-
SHA1
fca82f39e86f2a299428402a14b78fa54e80340b
-
SHA256
a36afb98930a32fe40c7dc6b1d81069f2ad824ffad397f7ef9942087380b3042
-
SHA512
cf7f4f1767652d5ed89181273166f643adca0e9827248bab32b6a29880d29a56b0c4145a0342524d4135999ee97a5a4bd315c478fd819cd8e7f52727b29400ce
-
SSDEEP
768:WeFw26VwKJ8f9B+P1rtqQ93XSCBvb5Heghl5:fw26VwK+9GtP9nSyb5Heg
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2092 wrote to memory of 2004 2092 rundll32.exe 30 PID 2092 wrote to memory of 2004 2092 rundll32.exe 30 PID 2092 wrote to memory of 2004 2092 rundll32.exe 30 PID 2092 wrote to memory of 2004 2092 rundll32.exe 30 PID 2092 wrote to memory of 2004 2092 rundll32.exe 30 PID 2092 wrote to memory of 2004 2092 rundll32.exe 30 PID 2092 wrote to memory of 2004 2092 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\QvodPlayer\Codecs\ff_liba52.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2092 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\QvodPlayer\Codecs\ff_liba52.dll,#12⤵PID:2004
-