Overview
overview
10Static
static
101a204aea28...18.exe
windows7-x64
71a204aea28...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
3PBWS32.dll
windows7-x64
3PBWS32.dll
windows10-2004-x64
3baro.exe
windows7-x64
3baro.exe
windows10-2004-x64
3dll/FreeImage.dll
windows7-x64
3dll/FreeImage.dll
windows10-2004-x64
3dll/Interop.WIA.dll
windows7-x64
1dll/Interop.WIA.dll
windows10-2004-x64
1dll/Markup...er.dll
windows7-x64
1dll/Markup...er.dll
windows10-2004-x64
1dll/PdfSharp.dll
windows7-x64
1dll/PdfSharp.dll
windows10-2004-x64
1dll/RegAsm.exe
windows7-x64
3dll/RegAsm.exe
windows10-2004-x64
dll/SDD_TW...ER.dll
windows7-x64
3dll/SDD_TW...ER.dll
windows10-2004-x64
3dll/Saraff.Twain.dll
windows7-x64
1dll/Saraff.Twain.dll
windows10-2004-x64
1dll/System...ng.dll
windows7-x64
1dll/System...ng.dll
windows10-2004-x64
1dll/UzakYardim.exe
windows7-x64
10dll/UzakYardim.exe
windows10-2004-x64
10dll/WinSCP.exe
windows7-x64
6dll/WinSCP.exe
windows10-2004-x64
7Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
06-10-2024 22:48
Behavioral task
behavioral1
Sample
1a204aea28908b5230ae51c6fbff9ec0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1a204aea28908b5230ae51c6fbff9ec0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/advsplash.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/advsplash.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
PBWS32.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
PBWS32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
baro.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
baro.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
dll/FreeImage.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
dll/FreeImage.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
dll/Interop.WIA.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
dll/Interop.WIA.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
dll/MarkupConverter.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
dll/MarkupConverter.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral19
Sample
dll/PdfSharp.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
dll/PdfSharp.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
dll/RegAsm.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
dll/RegAsm.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
dll/SDD_TWAIN_SCANNER.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
dll/SDD_TWAIN_SCANNER.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
dll/Saraff.Twain.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
dll/Saraff.Twain.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
dll/System.Drawing.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
dll/System.Drawing.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
dll/UzakYardim.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
dll/UzakYardim.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
dll/WinSCP.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
dll/WinSCP.exe
Resource
win10v2004-20240802-en
General
-
Target
dll/WinSCP.exe
-
Size
277KB
-
MD5
50c182293fef31782db383b5f5fb5a3f
-
SHA1
f884abacee9918bd3d454e531638aa16219d3f2b
-
SHA256
24e98f04948e730121af8c6f186b8b288a66bfdf88dcf4d11b7ef2878463bd89
-
SHA512
0399940f9661cbc156395700a0c3a5e6d69d02f7cb9bc43c7437cdcc4106e4e3a813ebd615e016e842b0ed93b14435f9134cd0d61a985b840fe922db65e6ba62
-
SSDEEP
6144:skdBy6tHmG676IS8i5cSXX6a8sg4iAA+KVI:By6tHe76IS8i5LXviAAje
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
WinSCP.exedescription ioc process File opened (read-only) \??\V: WinSCP.exe File opened (read-only) \??\W: WinSCP.exe File opened (read-only) \??\B: WinSCP.exe File opened (read-only) \??\E: WinSCP.exe File opened (read-only) \??\G: WinSCP.exe File opened (read-only) \??\Q: WinSCP.exe File opened (read-only) \??\Z: WinSCP.exe File opened (read-only) \??\H: WinSCP.exe File opened (read-only) \??\I: WinSCP.exe File opened (read-only) \??\R: WinSCP.exe File opened (read-only) \??\X: WinSCP.exe File opened (read-only) \??\Y: WinSCP.exe File opened (read-only) \??\A: WinSCP.exe File opened (read-only) \??\J: WinSCP.exe File opened (read-only) \??\K: WinSCP.exe File opened (read-only) \??\T: WinSCP.exe File opened (read-only) \??\P: WinSCP.exe File opened (read-only) \??\S: WinSCP.exe File opened (read-only) \??\U: WinSCP.exe File opened (read-only) \??\L: WinSCP.exe File opened (read-only) \??\M: WinSCP.exe File opened (read-only) \??\N: WinSCP.exe File opened (read-only) \??\O: WinSCP.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
WinSCP.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WinSCP.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
WinSCP.exepid process 2292 WinSCP.exe -
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
WinSCP.exepid process 2292 WinSCP.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
WinSCP.exepid process 2292 WinSCP.exe 2292 WinSCP.exe 2292 WinSCP.exe 2292 WinSCP.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\dll\WinSCP.exe"C:\Users\Admin\AppData\Local\Temp\dll\WinSCP.exe"1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2292