Overview
overview
7Static
static
7c8172e6486...18.exe
windows7-x64
7c8172e6486...18.exe
windows10-2004-x64
7$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...nd.dll
windows7-x64
3$PLUGINSDI...nd.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows7-x64
7$PLUGINSDI...om.dll
windows10-2004-x64
7$TEMP/$_9_...in.dll
windows7-x64
3$TEMP/$_9_...in.dll
windows10-2004-x64
37za.exe
windows7-x64
37za.exe
windows10-2004-x64
3Greening.dll
windows7-x64
3Greening.dll
windows10-2004-x64
3NsisPlugin.dll
windows7-x64
3NsisPlugin.dll
windows10-2004-x64
3aq7z.dll
windows7-x64
3aq7z.dll
windows10-2004-x64
3aqhttp.dll
windows7-x64
3aqhttp.dll
windows10-2004-x64
3flashplaye...ug.exe
windows7-x64
3flashplaye...ug.exe
windows10-2004-x64
3flashplaye...it.exe
windows7-x64
3flashplaye...it.exe
windows10-2004-x64
3Խ�...��.exe
windows7-x64
3Խ�...��.exe
windows10-2004-x64
3Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
29-08-2024 02:40
Behavioral task
behavioral1
Sample
c8172e64861bb97e51fc9b5543ba55fe_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
c8172e64861bb97e51fc9b5543ba55fe_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/MyNsisExtend.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/MyNsisExtend.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$TEMP/$_9_/MyNsisSkin.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
$TEMP/$_9_/MyNsisSkin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
7za.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
7za.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Greening.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral18
Sample
Greening.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
NsisPlugin.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
NsisPlugin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
aq7z.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
aq7z.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
aqhttp.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
aqhttp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
flashplayer_10_sa_debug.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
flashplayer_10_sa_debug.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
flashplayer_11_sa_debug_32bit.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
flashplayer_11_sa_debug_32bit.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Խ֮ǹа.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
Խ֮ǹа.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
flashplayer_11_sa_debug_32bit.exe
-
Size
8.9MB
-
MD5
aa504203f63dce187b370924c3d2e1b8
-
SHA1
b6f47758f394a85cf7b4912d1e15b5e56e3b9d45
-
SHA256
b430688b6f1c9796c69a4dd5df0c79533d5ce4c338bf5cf46b18afe745c16f76
-
SHA512
d7492611ad8532e88490fd9eaaf93938263a4374da0f40c2672cebcd22b085d580c229f882450dd6b3be5e0219ded1c7bef0b34cba45b4678846192dabee8257
-
SSDEEP
196608:YaaEBKG9DhK5MnCMm4qCVeiuHMco+q15Fq+/0s/O4:YfEZ7Vm1iuo+q1Ts4
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language flashplayer_11_sa_debug_32bit.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 flashplayer_11_sa_debug_32bit.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz flashplayer_11_sa_debug_32bit.exe -
Modifies registry class 43 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.swf flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe\" %1" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe\" %1" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe,-202" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\ = "FlashPlayer.AudioForFlashPlayer" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.f4p flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.spl flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe,-205" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe,-204" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.f4p\ = "FlashPlayer.ProtectedMediaForFlashPlayer" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe,-203" flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe\" %1" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe\" %1" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.spl\ = "ShockwaveFlash.ShockwaveFlash" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe\" %1" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon flashplayer_11_sa_debug_32bit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\flashplayer_11_sa_debug_32bit.exe,-608" flashplayer_11_sa_debug_32bit.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open flashplayer_11_sa_debug_32bit.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
Filesize407B
MD51c67c593841ddf3960ad507bd8b50689
SHA1760b679630cec7ded603bdab6136990f2f416224
SHA2568b44923b6e9ac702f506ad896c3b1708badaf8bd3a285a4f3b73bdfece9d2af4
SHA5123859592a5fa4c008d7270e31eabfa7e5b28998a951b134df153d845f2f7f44ae5fa66f97489e036acad8e701b730dfa9b214e10c151dad476fbd8c86a8d4b838