Overview
overview
6Static
static
3668c494f74...18.exe
windows7-x64
3668c494f74...18.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PROGRAMFI...ax.dll
windows7-x64
1$PROGRAMFI...ax.dll
windows10-2004-x64
1$PROGRAMFI...ax.dll
windows7-x64
1$PROGRAMFI...ax.dll
windows10-2004-x64
1$PROGRAMFI...ax.dll
windows7-x64
1$PROGRAMFI...ax.dll
windows10-2004-x64
1$PROGRAMFI...ok.dll
windows7-x64
1$PROGRAMFI...ok.dll
windows10-2004-x64
1$PROGRAMFI...vc.dll
windows7-x64
1$PROGRAMFI...vc.dll
windows10-2004-x64
1$PROGRAMFI...nt.dll
windows7-x64
3$PROGRAMFI...nt.dll
windows10-2004-x64
3$PROGRAMFI...nd.dll
windows7-x64
1$PROGRAMFI...nd.dll
windows10-2004-x64
1$PROGRAMFI...nd.dll
windows7-x64
6$PROGRAMFI...nd.dll
windows10-2004-x64
6$PROGRAMFI...it.exe
windows7-x64
1$PROGRAMFI...it.exe
windows10-2004-x64
1$PROGRAMFI...rt.dll
windows7-x64
1$PROGRAMFI...rt.dll
windows10-2004-x64
1$PROGRAMFI...er.exe
windows7-x64
1$PROGRAMFI...er.exe
windows10-2004-x64
1$PROGRAMFI...al.exe
windows7-x64
1$PROGRAMFI...al.exe
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23-07-2024 06:50
Static task
static1
Behavioral task
behavioral1
Sample
668c494f743d785a1b73026414d958e4_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
668c494f743d785a1b73026414d958e4_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PROGRAMFILES/QvodPlayer/Codecs/ColorFilter.ax.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
$PROGRAMFILES/QvodPlayer/Codecs/ColorFilter.ax.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PROGRAMFILES/QvodPlayer/Codecs/RealMediaSplitter.ax.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
$PROGRAMFILES/QvodPlayer/Codecs/RealMediaSplitter.ax.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PROGRAMFILES/QvodPlayer/Codecs/asfsplliter.ax.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral14
Sample
$PROGRAMFILES/QvodPlayer/Codecs/asfsplliter.ax.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PROGRAMFILES/QvodPlayer/Codecs/cook.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
$PROGRAMFILES/QvodPlayer/Codecs/cook.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PROGRAMFILES/QvodPlayer/Codecs/drvc.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
$PROGRAMFILES/QvodPlayer/Codecs/drvc.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PROGRAMFILES/QvodPlayer/NetAgent.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
$PROGRAMFILES/QvodPlayer/NetAgent.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PROGRAMFILES/QvodPlayer/QvodBand.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
$PROGRAMFILES/QvodPlayer/QvodBand.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PROGRAMFILES/QvodPlayer/QvodExtend.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
$PROGRAMFILES/QvodPlayer/QvodExtend.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PROGRAMFILES/QvodPlayer/QvodInit.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
$PROGRAMFILES/QvodPlayer/QvodInit.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PROGRAMFILES/QvodPlayer/QvodInsert.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
$PROGRAMFILES/QvodPlayer/QvodInsert.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PROGRAMFILES/QvodPlayer/QvodPlayer.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
$PROGRAMFILES/QvodPlayer/QvodPlayer.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PROGRAMFILES/QvodPlayer/QvodTerminal.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
$PROGRAMFILES/QvodPlayer/QvodTerminal.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
$PROGRAMFILES/QvodPlayer/QvodBand.dll
-
Size
85KB
-
MD5
1b1bdb8295c4a1705f92dea9bef53efb
-
SHA1
5f3790e649e44d98f18c3508b39952f65422796c
-
SHA256
104b370f1e7c3c014c54b41cd196e4922e4005a3b3ac7eb318c57047df13bf4e
-
SHA512
26c2f5376e0ff3ff0e00b18fe87388a777c4658d752d2a9b130408842f166b304828af656756d43ef5521c8ac595b19f28f714589177971dcbbcca08caf840af
-
SSDEEP
1536:fxsS1aqWpd53AtTNfvJrXffRqVCR474T1lLyNrT3UM:fOSUqhPvZXfYvET1lLyNrT3p
Malware Config
Signatures
-
Modifies registry class 7 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\QvodMenu regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\QvodMenu\ = "{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}\ = "QvodMenu" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\$PROGRAMFILES\\QvodPlayer\\QvodBand.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30 PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30 PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30 PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30 PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30 PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30 PID 1940 wrote to memory of 3024 1940 regsvr32.exe 30
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\QvodPlayer\QvodBand.dll1⤵
- Suspicious use of WriteProcessMemory
PID:1940 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\QvodPlayer\QvodBand.dll2⤵
- Modifies registry class
PID:3024
-