Overview

Task scores (per sample and platform):
Static: 3
3dadc86b707...18.exe, windows7-x64: 3
3dadc86b707...18.exe, windows10-2004-x64: 3
$PLUGINSDI...64.dll, windows7-x64: 3
$PLUGINSDI...64.dll, windows10-2004-x64: 3
$PLUGINSDI...RL.dll, windows7-x64: 3
$PLUGINSDI...RL.dll, windows10-2004-x64: 3
$PLUGINSDI...ns.dll, windows7-x64: 3
$PLUGINSDI...ns.dll, windows10-2004-x64: 3
$PLUGINSDI...em.dll, windows7-x64: 3
$PLUGINSDI...em.dll, windows10-2004-x64: 3
$PLUGINSDI...sh.dll, windows7-x64: 3
$PLUGINSDI...sh.dll, windows10-2004-x64: 3
$PLUGINSDIR/inetc.dll, windows7-x64: 3
$PLUGINSDIR/inetc.dll, windows10-2004-x64: 3
AddIn/VisLrc.dll, windows7-x64: 3
AddIn/VisLrc.dll, windows10-2004-x64: 3
Codecs/Col...er.dll, windows7-x64: 3
Codecs/Col...er.dll, windows10-2004-x64: 3
Codecs/asf...er.dll, windows7-x64: 3
Codecs/asf...er.dll, windows10-2004-x64: 3
Codecs/atrc.dll, windows7-x64: 3
Codecs/atrc.dll, windows10-2004-x64: 3
Codecs/drvc.dll, windows7-x64: 3
Codecs/drvc.dll, windows10-2004-x64: 3
Codecs/raac.dll, windows7-x64: 3
Codecs/raac.dll, windows10-2004-x64: 3
Feidianol.exe, windows7-x64: 3
Feidianol.exe, windows10-2004-x64: 3
MyUpdate.exe, windows7-x64: 3
MyUpdate.exe, windows10-2004-x64: 1
NetAgent.dll, windows7-x64: 3
NetAgent.dll, windows10-2004-x64: 3
Analysis
- max time kernel: 149s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 11/09/2024, 17:28
Tasks
- Static task static1
- Behavioral task behavioral1: sample dadc86b707f62245a335bf501ec9a124_JaffaCakes118.exe, resource win7-20240903-en
- Behavioral task behavioral2: sample dadc86b707f62245a335bf501ec9a124_JaffaCakes118.exe, resource win10v2004-20240802-en
- Behavioral task behavioral3: sample $PLUGINSDIR/Base64.dll, resource win7-20240729-en
- Behavioral task behavioral4: sample $PLUGINSDIR/Base64.dll, resource win10v2004-20240910-en
- Behavioral task behavioral5: sample $PLUGINSDIR/BrandingURL.dll, resource win7-20240708-en
- Behavioral task behavioral6: sample $PLUGINSDIR/BrandingURL.dll, resource win10v2004-20240802-en
- Behavioral task behavioral7: sample $PLUGINSDIR/InstallOptions.dll, resource win7-20240903-en
- Behavioral task behavioral8: sample $PLUGINSDIR/InstallOptions.dll, resource win10v2004-20240802-en
- Behavioral task behavioral9: sample $PLUGINSDIR/System.dll, resource win7-20240903-en
- Behavioral task behavioral10: sample $PLUGINSDIR/System.dll, resource win10v2004-20240802-en
- Behavioral task behavioral11: sample $PLUGINSDIR/blowfish.dll, resource win7-20240903-en
- Behavioral task behavioral12: sample $PLUGINSDIR/blowfish.dll, resource win10v2004-20240802-en
- Behavioral task behavioral13: sample $PLUGINSDIR/inetc.dll, resource win7-20240903-en
- Behavioral task behavioral14: sample $PLUGINSDIR/inetc.dll, resource win10v2004-20240802-en
- Behavioral task behavioral15: sample AddIn/VisLrc.dll, resource win7-20240729-en
- Behavioral task behavioral16: sample AddIn/VisLrc.dll, resource win10v2004-20240910-en
- Behavioral task behavioral17: sample Codecs/ColorFilter.dll, resource win7-20240708-en
- Behavioral task behavioral18: sample Codecs/ColorFilter.dll, resource win10v2004-20240802-en
- Behavioral task behavioral19: sample Codecs/asfsplliter.dll, resource win7-20240708-en
- Behavioral task behavioral20: sample Codecs/asfsplliter.dll, resource win10v2004-20240802-en
- Behavioral task behavioral21: sample Codecs/atrc.dll, resource win7-20240903-en
- Behavioral task behavioral22: sample Codecs/atrc.dll, resource win10v2004-20240802-en
- Behavioral task behavioral23: sample Codecs/drvc.dll, resource win7-20240903-en
- Behavioral task behavioral24: sample Codecs/drvc.dll, resource win10v2004-20240802-en
- Behavioral task behavioral25: sample Codecs/raac.dll, resource win7-20240903-en
- Behavioral task behavioral26: sample Codecs/raac.dll, resource win10v2004-20240802-en
- Behavioral task behavioral27: sample Feidianol.exe, resource win7-20240903-en
- Behavioral task behavioral28: sample Feidianol.exe, resource win10v2004-20240910-en
- Behavioral task behavioral29: sample MyUpdate.exe, resource win7-20240729-en
- Behavioral task behavioral30: sample MyUpdate.exe, resource win10v2004-20240802-en
- Behavioral task behavioral31: sample NetAgent.dll, resource win7-20240708-en
- Behavioral task behavioral32: sample NetAgent.dll, resource win10v2004-20240802-en
General
- Target: Feidianol.exe
- Size: 152KB
- MD5: 07f74b8821e40c92a718d0d612389769
- SHA1: 656e23ba84c9611bc3296437fa350bbc1811eb74
- SHA256: 44d1171ef9a4c9f1d460b8372110804b59720a0efd0871f2bdf822f0729846a5
- SHA512: 9d8ff6ed4c1bf87b2356ab02d302625ff80abc8de2e3cc0310bc4977cc6b0f488ca17ebff4fb1db4d587440d106aab6ad9173b142b1abd936f4a42782fb74bc6
- SSDEEP: 1536:6ZdWqhc6geFLeyZGf0QIRGZA94x9o7y1la+IK:obgeoM7J9o9o7y1
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: Feidianol.exe
- Modifies Internet Explorer settings (3 IoCs)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main; process: Feidianol.exe
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch; process: Feidianol.exe
  description: Set value (str); ioc: \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"; process: Feidianol.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid 1984, process Feidianol.exe (same pid and process for all 64 IoCs)
- Suspicious use of SendNotifyMessage (64 IoCs)
  pid 1984, process Feidianol.exe (same pid and process for all 64 IoCs)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 1984, process Feidianol.exe (same pid and process for both IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\Feidianol.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Feidianol.exe"
  PID: 1984
  Signatures:
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\errorPageStrings[1]
  Filesize: 2KB
  MD5: e3e4a98353f119b80b323302f26b78fa
  SHA1: 20ee35a370cdd3a8a7d04b506410300fd0a6a864
  SHA256: 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
  SHA512: d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee