Overview

overview

7

Static

static

3

2b2d5a9fe9...18.exe

windows7-x64

7

2b2d5a9fe9...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

GetMusic.exe

windows7-x64

3

GetMusic.exe

windows10-2004-x64

3

RealYQLyrics.dll

windows7-x64

3

RealYQLyrics.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

YQL_Lyrics_Common.dll

windows7-x64

3

YQL_Lyrics_Common.dll

windows10-2004-x64

3

YiqilaiLyrics.dll

windows7-x64

3

YiqilaiLyrics.dll

windows10-2004-x64

3

YiqilaiLyrics.exe

windows7-x64

3

YiqilaiLyrics.exe

windows10-2004-x64

3

foo_ui_columns.dll

windows7-x64

3

foo_ui_columns.dll

windows10-2004-x64

3

foo_ui_yqllyrics.dll

windows7-x64

3

foo_ui_yqllyrics.dll

windows10-2004-x64

3

gen_yqllyrics.dll

windows7-x64

3

gen_yqllyrics.dll

windows10-2004-x64

3

iTunesYQLyrics.dll

windows7-x64

3

iTunesYQLyrics.dll

windows10-2004-x64

3

music.dll

windows7-x64

3

music.dll

windows10-2004-x64

3

vis_yqllyrics.dll

windows7-x64

3

vis_yqllyrics.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 04:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b2d5a9fe9a80d25c2dd6d278ce25121_JaffaCakes118.exe

  • Size

    778KB

  • MD5

    2b2d5a9fe9a80d25c2dd6d278ce25121

  • SHA1

    295da75dad8f2c3de466c5ae5e1e5ec733d4861b

  • SHA256

    654a953494447af59862ce0b22977af7ad039cb5080702633b776fb7c28a4a52

  • SHA512

    5e5121d9ba5ceb177a61de1d09d4ef5d36087978bf8bd9e1e480f00f2b1bbe9f8473a439674a855324eba882d667864ad87d6911537db91cd9368250ccf5ec45

  • SSDEEP

    24576:wZPW2PptRgTGO5A9b7Zz3AD3Vjm9DwnrTXWh2b7kWRXZy:wjOy3z3eBjvXWYbAWXZy

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 25 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b2d5a9fe9a80d25c2dd6d278ce25121_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2b2d5a9fe9a80d25c2dd6d278ce25121_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:1608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Yiqilai\Temp\RealYQLyrics.rpv
    Filesize

    64KB

    MD5

    81b044a6b57ad9cdf2dc2a21ede1a50f

    SHA1

    8d366efc77495e24d84e45a424a17f0cc135fe9c

    SHA256

    3e1cbc2a3933f35e70be6682e8c86eba46286c7a2af642abd5659e5b111d7eb2

    SHA512

    62e07a550e1c5ab76d07c58cc147da7296ba3123617ed58cb8938bf778bf092a6071c1b905c1cbce9a02f48a76eb09c3fabc6eda19a58eddde6303512be33f87

    Download Submit

  • C:\Program Files (x86)\Yiqilai\Temp\YQL_Lyrics_Common.dll
    Filesize

    505KB

    MD5

    28c7e6aa8096778587a99c143f9713e2

    SHA1

    4a19e18a8cacdfef307c162b3def6b59f828d6d8

    SHA256

    2f0f519a78de37677985635f98fe082c650f65c2b54df068cee1425bf5376f19

    SHA512

    787e86f3df94272fcdb1cc23e6e30f85cb7eb14b2f063ffdb865b4e718dab9c7657fbf0364648deeaba82194b09cbdbaa5e281d0d4a104cd6c77e32adb7bae35

    Download Submit

  • C:\Program Files (x86)\Yiqilai\Temp\foo_ui_columns.dll
    Filesize

    578KB

    MD5

    d6a04b9a48c21ace47d50a4681238ee2

    SHA1

    ffb07177077b5be4258adfbff8d7972f589036f4

    SHA256

    e2ef3556450075840768fa44e71070246cca670348e4b379d10c4bba1152b4be

    SHA512

    3049e950996587c64a1ad89d23e0018065cb38c5bc44ae0e38297e6120c148f3a3c01a09829af3c5d95e062148c2c55e8adf31dd7e89723732e2ddeef8f733bc

    Download Submit

  • C:\Program Files (x86)\Yiqilai\Temp\foo_ui_yqllyrics.dll
    Filesize

    139KB

    MD5

    15713fc717c391916ff8c9c0062483ff

    SHA1

    2c68984a8b150a6ddbb0e65f37875984d1125980

    SHA256

    863723f75d8d95c43f8b1448a8135365e55bf60b26f939cb19eed36eb7fbf360

    SHA512

    4dcc437752a7dc972a4a05724daee2c2e4183fc75b5c92ce8fb0854a57d1470c80bd87978e6df2481f9ad050032e9e9152b87bb5f8b8275f01d908a134d61d5a

    Download Submit

  • C:\Program Files (x86)\Yiqilai\Temp\gen_yqllyrics.dll
    Filesize

    52KB

    MD5

    5a2de3b0a621044fa9fa183306c03d7c

    SHA1

    13866a5434f7ce37798105ef7fde392d81af7f9b

    SHA256

    1082367458e59b8aab15ba0847eb976fedb2439a39d90c6f309614e7a2b4f96d

    SHA512

    09d440d732bb7301cc0d986c56a2a23d4933ee8357afc1661b138530d35b65708b83ce2d98e314b2d30f900f9056ee86dcc680d0350c6b7b066aab59f3a3afdc

    Download Submit

  • C:\Program Files (x86)\Yiqilai\Temp\iTunesYQLyrics.dll
    Filesize

    112KB

    MD5

    990265b730aa3fd053173cef5725bfe0

    SHA1

    4b2d27aa8afb0df20e20f23c0be9db02c5f48b24

    SHA256

    cc35d693ed7d7fdb2abebe3f083484582d139143715edb47776f8673a3800f33

    SHA512

    a4ea8a066d2bcea231153452181a003cad3d6e604e2f420097e665998bb9b801d12dd5438205d6ae89d2116b7aa87d0daa879daca83853bca396518bae1b93c7

    Download Submit

  • C:\Program Files (x86)\Yiqilai\Temp\vis_yqllyrics.dll
    Filesize

    70KB

    MD5

    7c0f30388e0033df9fca7b2a2a0f9d56

    SHA1

    66e25c379b09a4134963acb1c87696b60e94f444

    SHA256

    043cf2eee9f177dae38b2c6de59a9836276d049937f12c34c47c47be0fdef935

    SHA512

    53a5494d4b091e540cf163f14480d9977bf242e9d565d7922cad159034d76eced451698f361488e507552f78aafde6ff454c11ad39b0a96e06df1f7649f170ca

    Download Submit

  • C:\Program Files (x86)\Yiqilai\tools\music.dll
    Filesize

    59KB

    MD5

    abaffca5a367f350f13bff241aad6e98

    SHA1

    6404d135ccc8879ede1fd76aeb69e34cbdbdcb25

    SHA256

    ca6a3a7cf46504fe67eefdacb7acf6efe0337033f02fef5ad5a2f4bf844c197d

    SHA512

    0861f3f5a7415b9e931643764e19607db98f3c7e267d8f61b99933e04716f1f429b9a356dc4d555fe9733d537ea3e4b81880bbe5199d0265a0ce3728a74162df

    Download Submit

  • C:\Program Files (x86)\Yiqilai\wmp\YiqilaiLyrics.dll
    Filesize

    136KB

    MD5

    1173568d20839a0c40bd0d64309dda11

    SHA1

    f61e060c4ad8ea149253bebf1292f61384181acb

    SHA256

    d1a4269f7eca0c7552f9b6b9633973c6c31c19447ef552788816d8f4b358d5cb

    SHA512

    cf3c242def6010d18a7739989d2c17c130deb182e84df734ede75f446fe9ba8b57604112c0fe8b205ecb442d0a854b631a88190d2141cc3df331d8233880e0ea

    Download Submit