Overview

overview

7

Static

static

3

ffdec_21.0...up.exe

windows7-x64

7

ffdec_21.0...up.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

ffdec.bat

windows7-x64

1

ffdec.bat

windows10-2004-x64

7

ffdec.exe

windows7-x64

3

ffdec.exe

windows10-2004-x64

7

ffdec.jar

windows7-x64

1

ffdec.jar

windows10-2004-x64

7

lib/JavactiveX.jar

windows7-x64

1

lib/JavactiveX.jar

windows10-2004-x64

1

lib/LZMA.jar

windows7-x64

1

lib/LZMA.jar

windows10-2004-x64

1

lib/avi.jar

windows7-x64

1

lib/avi.jar

windows10-2004-x64

1

lib/cmykjpeg.jar

windows7-x64

1

lib/cmykjpeg.jar

windows10-2004-x64

1

lib/ddsreader.jar

windows7-x64

1

lib/ddsreader.jar

windows10-2004-x64

1

lib/decimal.jar

windows7-x64

1

lib/decimal.jar

windows10-2004-x64

1

lib/ffdec_lib.jar

windows7-x64

1

lib/ffdec_lib.jar

windows10-2004-x64

1

lib/flamingo-6.2.jar

windows7-x64

1

lib/flamingo-6.2.jar

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2024, 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffdec.bat

  • Size

    786B

  • MD5

    128f871f94216f847a3f119e333f1940

  • SHA1

    955a125f9594199fccbdeca60c630e8f3e15f365

  • SHA256

    12b1b10c3b375720eb3d90b42cfa43e0771d0997e0d94cf304b81d058164fd32

  • SHA512

    de1da5b61ed289177aab1097831f0ac93a79893ca5d2b5a8604d452aaed0398c750fcee93b83b45ff891d2155806410ebe16ab610cec1898c043b81f87c4aa89

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ffdec.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
      java -Xmx1024m -Djna.nosys=true -jar "C:\Users\Admin\AppData\Local\Temp\\ffdec.jar"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\jna-Admin\jna5408202487551848696.dll
    Filesize

    190KB

    MD5

    3cfe09aa1c4e999fedb2a995428e4de3

    SHA1

    e501129a110431c3a7bc60576a19eef2ba984356

    SHA256

    3f7553803b33b999e313ed4a069ae9872c595038fe35a54c053a1b19d89dcfad

    SHA512

    320f4497197b1b7b752471f16d2fad0eacc45160219ce774ff0bb534f504fedb73e991af0c7268e8f1195ce75cbbfedc8b9c19ec31afb4b14e9673ac9c40b1db

    Download Submit

  • memory/4856-2-0x000001EA20D20000-0x000001EA20F90000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4856-12-0x000001EA20D00000-0x000001EA20D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4856-16-0x000001EA20F90000-0x000001EA20FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-26-0x000001EA20FA0000-0x000001EA20FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-28-0x000001EA20FB0000-0x000001EA20FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-30-0x000001EA20FC0000-0x000001EA20FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-32-0x000001EA20FD0000-0x000001EA20FE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-37-0x000001EA20FE0000-0x000001EA20FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-39-0x000001EA20FF0000-0x000001EA21000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-42-0x000001EA21000000-0x000001EA21010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-43-0x000001EA21010000-0x000001EA21020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-47-0x000001EA21020000-0x000001EA21030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-49-0x000001EA20F90000-0x000001EA20FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-48-0x000001EA21030000-0x000001EA21040000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-46-0x000001EA20D20000-0x000001EA20F90000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4856-53-0x000001EA21040000-0x000001EA21050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-52-0x000001EA20FA0000-0x000001EA20FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-54-0x000001EA20D00000-0x000001EA20D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4856-57-0x000001EA20FB0000-0x000001EA20FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-58-0x000001EA21050000-0x000001EA21060000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-61-0x000001EA21060000-0x000001EA21070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-60-0x000001EA20FC0000-0x000001EA20FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-64-0x000001EA20FD0000-0x000001EA20FE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-65-0x000001EA21070000-0x000001EA21080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-67-0x000001EA20FE0000-0x000001EA20FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-68-0x000001EA21080000-0x000001EA21090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-71-0x000001EA21090000-0x000001EA210A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-70-0x000001EA20FF0000-0x000001EA21000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-75-0x000001EA21000000-0x000001EA21010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-76-0x000001EA210A0000-0x000001EA210B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-79-0x000001EA210B0000-0x000001EA210C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-78-0x000001EA21010000-0x000001EA21020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-82-0x000001EA210C0000-0x000001EA210D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-81-0x000001EA21020000-0x000001EA21030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-85-0x000001EA210D0000-0x000001EA210E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-84-0x000001EA21030000-0x000001EA21040000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-92-0x000001EA210E0000-0x000001EA210F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-91-0x000001EA21040000-0x000001EA21050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-95-0x000001EA210F0000-0x000001EA21100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-94-0x000001EA21050000-0x000001EA21060000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-98-0x000001EA21100000-0x000001EA21110000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-97-0x000001EA21060000-0x000001EA21070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-103-0x000001EA21070000-0x000001EA21080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-104-0x000001EA21110000-0x000001EA21120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-106-0x000001EA20D00000-0x000001EA20D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4856-111-0x000001EA21080000-0x000001EA21090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-112-0x000001EA21120000-0x000001EA21130000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-113-0x000001EA20D00000-0x000001EA20D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4856-114-0x000001EA20D00000-0x000001EA20D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4856-116-0x000001EA21090000-0x000001EA210A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-117-0x000001EA21130000-0x000001EA21140000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-120-0x000001EA210A0000-0x000001EA210B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-121-0x000001EA21140000-0x000001EA21150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-123-0x000001EA21150000-0x000001EA21160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-122-0x000001EA210B0000-0x000001EA210C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-128-0x000001EA210C0000-0x000001EA210D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-132-0x000001EA210D0000-0x000001EA210E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-131-0x000001EA21180000-0x000001EA21190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-130-0x000001EA21170000-0x000001EA21180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-129-0x000001EA21160000-0x000001EA21170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-135-0x000001EA21190000-0x000001EA211A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-134-0x000001EA210E0000-0x000001EA210F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-146-0x000001EA21110000-0x000001EA21120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-145-0x000001EA211D0000-0x000001EA211E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-144-0x000001EA21100000-0x000001EA21110000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-149-0x000001EA211E0000-0x000001EA211F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-148-0x000001EA21120000-0x000001EA21130000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-153-0x000001EA21130000-0x000001EA21140000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-160-0x000001EA21150000-0x000001EA21160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-165-0x000001EA21170000-0x000001EA21180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-166-0x000001EA21180000-0x000001EA21190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-167-0x000001EA21240000-0x000001EA21250000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-164-0x000001EA21160000-0x000001EA21170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-162-0x000001EA21230000-0x000001EA21240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-161-0x000001EA21220000-0x000001EA21230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-157-0x000001EA21140000-0x000001EA21150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-156-0x000001EA21210000-0x000001EA21220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-155-0x000001EA21200000-0x000001EA21210000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-154-0x000001EA211F0000-0x000001EA21200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-143-0x000001EA211C0000-0x000001EA211D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-142-0x000001EA211B0000-0x000001EA211C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-141-0x000001EA211A0000-0x000001EA211B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-140-0x000001EA210F0000-0x000001EA21100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-170-0x000001EA21250000-0x000001EA21260000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-169-0x000001EA21190000-0x000001EA211A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-175-0x000001EA21260000-0x000001EA21270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-174-0x000001EA211C0000-0x000001EA211D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-173-0x000001EA211B0000-0x000001EA211C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-172-0x000001EA211A0000-0x000001EA211B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-177-0x000001EA21270000-0x000001EA21280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-179-0x000001EA211D0000-0x000001EA211E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-180-0x000001EA21280000-0x000001EA21290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-183-0x000001EA21290000-0x000001EA212A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-182-0x000001EA211E0000-0x000001EA211F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-189-0x000001EA212A0000-0x000001EA212B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-188-0x000001EA21210000-0x000001EA21220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-187-0x000001EA21200000-0x000001EA21210000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-186-0x000001EA211F0000-0x000001EA21200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-191-0x000001EA212B0000-0x000001EA212C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-194-0x000001EA21220000-0x000001EA21230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-195-0x000001EA21230000-0x000001EA21240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-250-0x000001EA20D00000-0x000001EA20D01000-memory.dmp

    Filesize

    4KB

    Download