Overview
overview
7Static
static
7c8172e6486...18.exe
windows7-x64
7c8172e6486...18.exe
windows10-2004-x64
7$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...nd.dll
windows7-x64
3$PLUGINSDI...nd.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows7-x64
7$PLUGINSDI...om.dll
windows10-2004-x64
7$TEMP/$_9_...in.dll
windows7-x64
3$TEMP/$_9_...in.dll
windows10-2004-x64
37za.exe
windows7-x64
37za.exe
windows10-2004-x64
3Greening.dll
windows7-x64
3Greening.dll
windows10-2004-x64
3NsisPlugin.dll
windows7-x64
3NsisPlugin.dll
windows10-2004-x64
3aq7z.dll
windows7-x64
3aq7z.dll
windows10-2004-x64
3aqhttp.dll
windows7-x64
3aqhttp.dll
windows10-2004-x64
3flashplaye...ug.exe
windows7-x64
3flashplaye...ug.exe
windows10-2004-x64
3flashplaye...it.exe
windows7-x64
3flashplaye...it.exe
windows10-2004-x64
3Խ�...��.exe
windows7-x64
3Խ�...��.exe
windows10-2004-x64
3Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
29-08-2024 02:40
Behavioral task
behavioral1
Sample
c8172e64861bb97e51fc9b5543ba55fe_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
c8172e64861bb97e51fc9b5543ba55fe_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/MyNsisExtend.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/MyNsisExtend.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$TEMP/$_9_/MyNsisSkin.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
$TEMP/$_9_/MyNsisSkin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
7za.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
7za.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Greening.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral18
Sample
Greening.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
NsisPlugin.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
NsisPlugin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
aq7z.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
aq7z.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
aqhttp.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
aqhttp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
flashplayer_10_sa_debug.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
flashplayer_10_sa_debug.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
flashplayer_11_sa_debug_32bit.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
flashplayer_11_sa_debug_32bit.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Խ֮ǹа.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
Խ֮ǹа.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
flashplayer_10_sa_debug.exe
-
Size
6.5MB
-
MD5
3665e31c5653d901ebe91aae996a8530
-
SHA1
6bc5727f1df7c7f12f0b5645d277a5b721be2d4e
-
SHA256
8a2b1fb21ef790c487c84c86274e67917bf7d258fe0b43f4132c1e33da402c90
-
SHA512
3e2d346a8ebc514249028dded739e99644f5b1bbf1ac8ba5938e1c45d5f47fd1dab8d43b97e8949a05c365278b374c2bddadfd561ba93097390f38d4145ccc67
-
SSDEEP
196608:gcFfSYaBd1U22l8oG8qbfTmkstz3IRNPsD9cV:N6YN3GBmkstz3p9G
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language flashplayer_10_sa_debug.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 flashplayer_10_sa_debug.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz flashplayer_10_sa_debug.exe -
Modifies registry class 43 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe\" %1" flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.spl\ = "ShockwaveFlash.ShockwaveFlash" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe\" %1" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.f4p flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe,-205" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.swf flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe,-203" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe\" %1" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe,-204" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\ = "FlashPlayer.AudioForFlashPlayer" flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.f4p\ = "FlashPlayer.ProtectedMediaForFlashPlayer" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.spl flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe,-202" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe,-608" flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe\" %1" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon flashplayer_10_sa_debug.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_10_sa_debug.exe\" %1" flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell flashplayer_10_sa_debug.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open flashplayer_10_sa_debug.exe