9e9999338d7...18.exe
windows7-x64
7e9999338d7...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$TEMP/2345...te.exe
windows7-x64
7$TEMP/2345...te.exe
windows10-2004-x64
7$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows7-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$R0.dll
windows7-x64
7$R0.dll
windows10-2004-x64
72345BatchRename.dll
windows7-x64
12345BatchRename.dll
windows10-2004-x64
12345EditorApp.dll
windows7-x64
12345EditorApp.dll
windows10-2004-x64
12345Extract.dll
windows7-x64
12345Extract.dll
windows10-2004-x64
12345Image.dll
windows7-x64
12345Image.dll
windows10-2004-x64
12345ImageApp.dll
windows7-x64
12345ImageApp.dll
windows10-2004-x64
12345ImageCapture.dll
windows7-x64
12345ImageCapture.dll
windows10-2004-x64
1General
-
Target
e9999338d731bae38d1a91da59111fc1_JaffaCakes118
-
Size
51.2MB
-
Sample
240918-vsazratcln
-
MD5
e9999338d731bae38d1a91da59111fc1
-
SHA1
b71f0e873e072d507afb793e3b23c243598d6b1d
-
SHA256
845aa574b8599bd297bf4978f4e2073b5a90e0abb43ee0a79fcf9d516f6bb9d8
-
SHA512
3548653d14cbcbf80433251788a183bdeec438cec5dd427f67be12ebf00c222941abc63591fa64913ca7e620990820e48ab0678ae2f18582c93c9fa53b1102ba
-
SSDEEP
786432:Q8fIhAxuXdxxVtifKlJnO5A7IP0Pl7zWeKBF9t3ZxJMQt/qClV:Q8AmxuXdnVt6Kq5A7IsdfCBF733IoV
Behavioral task
behavioral1
Sample
e9999338d731bae38d1a91da59111fc1_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e9999338d731bae38d1a91da59111fc1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$TEMP/2345pic_duote.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
$TEMP/2345pic_duote.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/FileInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/FileInfo.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/RCWidgetPlugin.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/RCWidgetPlugin.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
$R0.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$R0.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
2345BatchRename.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
2345BatchRename.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
2345EditorApp.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
2345EditorApp.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
2345Extract.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
2345Extract.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
2345Image.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
2345Image.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
2345ImageApp.dll
Resource
win7-20240729-en
Behavioral task
behavioral30
Sample
2345ImageApp.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
2345ImageCapture.dll
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
2345ImageCapture.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
e9999338d731bae38d1a91da59111fc1_JaffaCakes118
-
Size
51.2MB
-
MD5
e9999338d731bae38d1a91da59111fc1
-
SHA1
b71f0e873e072d507afb793e3b23c243598d6b1d
-
SHA256
845aa574b8599bd297bf4978f4e2073b5a90e0abb43ee0a79fcf9d516f6bb9d8
-
SHA512
3548653d14cbcbf80433251788a183bdeec438cec5dd427f67be12ebf00c222941abc63591fa64913ca7e620990820e48ab0678ae2f18582c93c9fa53b1102ba
-
SSDEEP
786432:Q8fIhAxuXdxxVtifKlJnO5A7IP0Pl7zWeKBF9t3ZxJMQt/qClV:Q8AmxuXdnVt6Kq5A7IsdfCBF733IoV
Score 7/10 -
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
b18dfaded8f6d2380fdfd8f6b6969211
-
SHA1
969fa0e906240ab1123254feeb833c275626cf76
-
SHA256
747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58
-
SHA512
25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c
-
SSDEEP
192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO
Score 3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score 3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
9b17a13f814b137f88b961c087858063
-
SHA1
c290dd3139b79aa340aec3ed3d674160433035e1
-
SHA256
e54792a179a06acbb9b69c117ee804dce070505d1853d6e7d512f2a055a801b2
-
SHA512
3a625f5f13e344c24973c79c074d1ced4d9206f87f392dc7c8f0c116d0f2b878b60340e2377d0240c47f0e34e25e4e3af8b196bbca1c6a29a0f51d8408e8b0ec
-
SSDEEP
48:SnNQ/z+vUML8eYXICmlmGYKHz0JSpXSxwo6mpwzcR3RqG8aEJcABofgMGKO:Bz+MM4eqmvz0JScx56mpwzAhWcGV
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
810f3a0aefe36a9f63e29e604bea91a9
-
SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80
-
SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779
-
SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb
-
SSDEEP
192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar
Score 3/10 -
-
-
Target
$TEMP/2345pic_duote.exe
-
Size
12.0MB
-
MD5
13a7e00683c5ea8aae932f1f0ee9d47d
-
SHA1
2c19b41d36c17b4d2ec027b8d52828c03e18fd27
-
SHA256
c576ae37c023742be2fdd09eba5b6795733a31111dfa9c8c9afc3957fed43c7f
-
SHA512
1afa58168c9dee19668d05428f7d0cf8b94bdda01fb27b9d401a81e38ac3001bbd6dc213943e3aad9ac4d1f08f55b48f28160026719df69d8179a754cbb3268b
-
SSDEEP
393216:p51Ixv+RVQLrxSV+FLgtxXK3KvB7Fhsle:/1i+VKQVntvB7Fyle
Score 7/10 -
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/FileInfo.dll
-
Size
111KB
-
MD5
e3b11d137aaffa7871a3033288259a89
-
SHA1
44c222b5ea9ba41989cb1402a52571d175328878
-
SHA256
b8c4451ebe81264600adadd1c1dc604cd974b99a0788c2249ee426398fafd9f7
-
SHA512
087836b2ce6e4a51c29574cab1b16c8bcee2a1fca9b10111f8b78984b58509cee65bfbc31b21c572d5a879606e5c7d88875988700ddc293ffcb36f2297a6401c
-
SSDEEP
1536:Xz60kHrpisDjyZABSnLre1k78gnrzMxC2ND7U+11cVsWjcd3QMpzlhRJwJBGjp:DsHr7jyZa1k7FvuZy+1F3QMpzXkJup
Score 3/10 -
-
-
Target
$PLUGINSDIR/RCWidgetPlugin.dll
-
Size
1.2MB
-
MD5
d65d2f13a0a12f877ae41397e974f2bb
-
SHA1
960ad723bd77be86d431cb8f8b16d86076325bf4
-
SHA256
c4edad9de811b67afe078ab4af77c881e532dc532f470d9dbb2392c91eeb1208
-
SHA512
b8388aab96ff0d2e915d1cb5cad4c36e3a353bdba8696c9dfe803b565ccf21585d4b9d2bf9d73767b0ad63bdb1804715d8e05634660e581f73c6f1218ca925ef
-
SSDEEP
24576:g20l9qUvD1uQkIylzaG3uSAIUF+ZWnFrj0Wbd2kzjgHr:GmUvUQFoaG3GIgRnFc4u
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
18KB
-
MD5
b22e97f113fa16668c8443e3115c6fc6
-
SHA1
48ea020dec838c2207df7b8aa60ea4f666a32564
-
SHA256
336d7bc4f7ace28197c1dc6daa81bfbca0b3df731ef9de268ee1568c9c24f339
-
SHA512
8ea593a4adf1a4dc4d838aa49f55c36a743cef541f0b4ca02835b6d90b303761f95da1e8505fd31a4fee21a563a1d6c64c7cc2ed1c5f9a61d4cf6898419613a1
-
SSDEEP
384:t4JoiO8V2upW7vQjS/WndpkEYPL/r8yCeMl:qJzO8V2uovQjhIEGjo
Score 3/10 -
-
-
Target
$R0
-
Size
6.1MB
-
MD5
5faed9ef84b13de2f8d37f544402d28b
-
SHA1
9bc9df07ad35357ef225d053e31a5d52f48905fe
-
SHA256
fdb8a9460b1d107a220141149820480cd666879ff37cdb014c40e352165db578
-
SHA512
a9a029dfbb2c9eae4de54c59528f24dafee7e6e1a6a189f242178397a21e32966a934972fb5fb6fcaab845b71b09e7728366c6aeaa6e1872feb82895e653696d
-
SSDEEP
49152:j09t9iBL2FBw3PgeCX/GFk/r7cwoyNpcdURNhNuEcqwTgGRGB/A2O/R0lfQgGTKY:Ow3JEVsKlY/KY
Score 7/10 -
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
2345BatchRename.dll
-
Size
184KB
-
MD5
afbf0227aaccefd3a45ccaefad647115
-
SHA1
d92bc4464ed3e5f26ce6215df2c5b5a9fd9c3748
-
SHA256
3ef12c046fdc30952b89bffe59505e8100d055a81fd692c51c467a120946b954
-
SHA512
85a0ce12c8a2bb08b93bd027e4d63361390904b56fb47a76cc80b71ac23b90a6fb2e63cc57609056190087fcee5cd9840af54f76bdd5237246aae27a8606487a
-
SSDEEP
3072:888hlBTrGYiH0sUA8RNpZV3FMnqqRPcek4BNTG3giLz75k/kp:88oVrpiHA9YPPcezBNq3giL5p
Score 1/10 -
-
-
Target
2345EditorApp.dll
-
Size
2.0MB
-
MD5
422cde69a975fc62fdd617caa953e395
-
SHA1
629db24c354dd887a3f72efc907c31bedd95c405
-
SHA256
89ea580bfb4f52fe36132290fde7c0294812d84b9346be3943d266156103d38a
-
SHA512
93a1b2a7957b4f65ba21901d35fdebb1f992d7cd1bc698a3f2d82c263108c867c0da7335c98071dedb149593cfb3d32d20b921ae2d629911c2f8806863805e55
-
SSDEEP
24576:/NQPRIIb4DohGZ9pijkHpQFjDmjL7oGfQeZW4IfO48ehxsaeYMI7zHM+j/:afK9pijkNURNhxsaeYMIHM+j/
Score 1/10 -
-
-
Target
2345Extract.dll
-
Size
523KB
-
MD5
80570cca51617880f8a4f4b8730325f3
-
SHA1
c2c4b4cf8bffcc65793ee305daa6844b98df5a38
-
SHA256
09475cffe0101b4fa506a82a48632a95ed06d265bcee3fa71e1468520469633a
-
SHA512
e9c2b6989d2450e953f578cefea21d747fac40c2fc65ce662a46a8dd18e1bb11b274203e2276407e7aac6a6552c3c5d86c4c9a9afa888b8dc5966a0b68b4c923
-
SSDEEP
6144:awWVS0h0axho4LhKX3YDkK1x47lmcyyq61NEuqhCvmWc++q2Aql:jEiaxhBLhxd47lmcyyqMEuqh4Jl2Aql
Score 1/10 -
-
-
Target
2345Image.dll
-
Size
2.4MB
-
MD5
fde41a975bb09e6d726481553f049a9e
-
SHA1
bc0104926b159aeac3e99a46e48556c1103282ff
-
SHA256
2ff65d7a1091cf5faceef1784b06efbe223813d6fadb40416b1196222de7b6e9
-
SHA512
34005f7526c69f4a15c4170d3dc0ce4afddda4e25f8a7df11f7910826cf80e9cd3d65db7d7e860b9d3ad9a714ceac522718844e09cc254f5edcc962ebb9749b7
-
SSDEEP
49152:XmzrWTSWH8gRrPPtkO6Y3GbOFEqXlTkjugw+eFQ:WrW2/gRrX6YI7f
Score 1/10 -
-
-
Target
2345ImageApp.dll
-
Size
4.1MB
-
MD5
6b3fd73fdbeb07ede85d8d7fc631862f
-
SHA1
1756893b74fd82de9158a72715e07497db9b5393
-
SHA256
839636dac8ebb052501ac56115b16818c886bb1c54c27681c6eea093da5054d2
-
SHA512
0fd174e21bb75502f312c0640ff0ca4a3c67c4395357f9f380d6b2250dcc1c200e72506c392e3cd91d2cd0d347c4ac7d8b93c5ca72e4da0e694a7d73f6297d7d
-
SSDEEP
49152:dbDXRGQXkIXf+feQNAZPUxgLYNwt1fdTw0PCUEGeEkWVWXRLdE/NHCXg:dbdXkIXf+LNACxgLYKnaAeG
Score 1/10 -
-
-
Target
2345ImageCapture.dll
-
Size
329KB
-
MD5
47042284dda7be9bf9e1cc1ad22f75c3
-
SHA1
d208381e7aa59fa0ea2fb4a3cb8a3ba165a67a97
-
SHA256
ea34fa1a7b33b1d2b8b87f6b6256991c8d8725d10457b8d12cf0ea5630b110da
-
SHA512
6a0d1f441e9ba69277876df9049792406de570ef7eb4b6cc011c4570c6e1b7c6356971afdfd083fce535b9add74004de7cc8d2f898a932961e395f3242bef9e6
-
SSDEEP
3072:GEnWDYILq/a4rGaR1vdu+IhXb9lrggggjDPHnrLxacLVjXAk:BWIa4ZR1ctPrggggfPHJnVjXZ
Score 1/10 -