Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 08-10-2024 16:51
Behavioral tasks
task | sample | resource
behavioral1 | 229da05be0a100309faa895327f9ddad_JaffaCakes118.exe | win7-20240903-en
behavioral2 | 229da05be0a100309faa895327f9ddad_JaffaCakes118.exe | win10v2004-20241007-en
behavioral3 | !Զװ_Զ_��.exe | win7-20240903-en
behavioral4 | !Զװ_Զ_��.exe | win10v2004-20241007-en
behavioral5 | $PLUGINSDIR/Blowfish.dll | win7-20240903-en
behavioral6 | $PLUGINSDIR/Blowfish.dll | win10v2004-20241007-en
behavioral7 | $PLUGINSDIR/InstallOptions.dll | win7-20240729-en
behavioral8 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20241007-en
behavioral9 | $PLUGINSDIR/Locate.dll | win7-20240903-en
behavioral10 | $PLUGINSDIR/Locate.dll | win10v2004-20241007-en
behavioral11 | $PLUGINSDIR/NSISdl.dll | win7-20240903-en
behavioral12 | $PLUGINSDIR/NSISdl.dll | win10v2004-20241007-en
behavioral13 | $PLUGINSDIR/System.dll | win7-20240903-en
behavioral14 | $PLUGINSDIR/System.dll | win10v2004-20241007-en
behavioral15 | $PLUGINSDIR/XML.dll | win7-20240708-en
behavioral16 | $PLUGINSDIR/XML.dll | win10v2004-20241007-en
behavioral17 | CrashReporter.exe | win7-20240708-en
behavioral18 | CrashReporter.exe | win10v2004-20241007-en
behavioral19 | Incoming/MTV2012-°[ٷվ].url | win7-20240903-en
behavioral20 | Incoming/MTV2012-°[ٷվ].url | win10v2004-20241007-en
behavioral21 | Incoming/MTVؾ.MVȫ.MV.MV.url | win7-20240903-en
behavioral22 | Incoming/MTVؾ.MVȫ.MV.MV.url | win10v2004-20241007-en
behavioral23 | Incoming/Աר.֧Ƿ..url | win7-20240903-en
behavioral24 | Incoming/Աר.֧Ƿ..url | win10v2004-20241007-en
behavioral25 | MP2PLoader.exe | win7-20240704-en
behavioral26 | MP2PLoader.exe | win10v2004-20241007-en
behavioral27 | MTVP2P_phone.js | win7-20240903-en
behavioral28 | MTVP2P_phone.js | win10v2004-20241007-en
behavioral29 | MediaInfo.dll | win7-20240903-en
behavioral30 | MediaInfo.dll | win10v2004-20241007-en
behavioral31 | MtvP2P.exe | win7-20240903-en
behavioral32 | MtvP2P.exe | win10v2004-20241007-en
General
Target: !Զװ_Զ_��.exe
Size: 272KB
MD5: 2420544863daa0241d80c7cfaeccfba8
SHA1: 81de43c794934e182f3cf1a46eb2945335374877
SHA256: db490294180e2e1f0823ecb4c4ec7b9a0b2715dcc1c0ceddb6c7e629e2227dde
SHA512: 53a8de13b8efda7cbfe65825aa2c50ba25acfc9dfb2699563dbeed7fa50aff640d3690294e2902ee4e409057b65e4de15a173fc21571ca951fab547e490b20ea
SSDEEP: 6144:cwJzza5D2unOlV+CaNqZz09MXlmJV+5Y2kTQHlZz095wJzza5D2unOlV+CaN:cMzzgWlV8Nyzbl4V+5Y2kTQH7zWMzzg9
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | !Զװ_Զ_��.exe
Modifies Internet Explorer settings (3 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MenuExt\MTVP2P Download | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MenuExt\MTVP2P Download\ = "IE2EM.htm" | !Զװ_Զ_��.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MenuExt\MTVP2P Download\Contexts = "34" | !Զװ_Զ_��.exe
Modifies registry class (27 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\shell | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\ = "URL: kp2p Protocol" | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\DefaultIcon | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\DefaultIcon\ = "MP2PLoader.exe" | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\shell\open\command\ = "\"MP2PLoader.exe\" \"%1\"" | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\shell\open\command | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\URL Protocol | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\DefaultIcon | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\ = "URL: mp2p Protocol" | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\ = "URL: ed2k Protocol" | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\shell\open | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\DefaultIcon\ = "MP2PLoader.exe" | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\URL Protocol | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\shell\open\command\ = "\"MP2PLoader.exe\" \"%1\"" | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\shell\open | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\DefaultIcon\ = "MP2PLoader.exe" | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\shell | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\shell\open | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp2p\DefaultIcon | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kp2p\shell\open\command | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\URL Protocol | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\shell\open\command | !Զװ_Զ_��.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\shell | !Զװ_Զ_��.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ed2k\shell\open\command\ = "\"MP2PLoader.exe\" \"%1\"" | !Զװ_Զ_��.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
1628 | !Զװ_Զ_��.exe
Processes
C:\Users\Admin\AppData\Local\Temp\!Զװ_Զ_��.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\!Զװ_Զ_��.exe"
PID: 1628
Signatures:
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx