Overview
overview
7Static
static
33fbb8df633...18.exe
windows7-x64
73fbb8df633...18.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3CoCode.dll
windows7-x64
3CoCode.dll
windows10-2004-x64
3SDL.dll
windows7-x64
3SDL.dll
windows10-2004-x64
3SsmpVlogLayerComm.dll
windows7-x64
3SsmpVlogLayerComm.dll
windows10-2004-x64
3UFDeMux.dll
windows7-x64
3UFDeMux.dll
windows10-2004-x64
3UFSource.dll
windows7-x64
3UFSource.dll
windows10-2004-x64
3UPnPNat.dll
windows7-x64
3UPnPNat.dll
windows10-2004-x64
3UUPlayer.exe
windows7-x64
3UUPlayer.exe
windows10-2004-x64
3UUPlayer.dll
windows7-x64
3UUPlayer.dll
windows10-2004-x64
3UUSeeMediaCenter.exe
windows7-x64
4UUSeeMediaCenter.exe
windows10-2004-x64
4UUUpgrade.exe
windows7-x64
3UUUpgrade.exe
windows10-2004-x64
3UUUpgrade.dll
windows7-x64
3UUUpgrade.dll
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
13/10/2024, 12:00
Static task
static1
Behavioral task
behavioral1
Sample
3fbb8df63322dfe33355344f89c2dc42_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3fbb8df63322dfe33355344f89c2dc42_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
CoCode.dll
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
CoCode.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
SDL.dll
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
SDL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
SsmpVlogLayerComm.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
SsmpVlogLayerComm.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
UFDeMux.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
UFDeMux.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
UFSource.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
UFSource.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
UPnPNat.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
UPnPNat.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
UUPlayer.exe
Resource
win7-20241010-en
Behavioral task
behavioral24
Sample
UUPlayer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
UUPlayer.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
UUPlayer.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
UUSeeMediaCenter.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
UUSeeMediaCenter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
UUUpgrade.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
UUUpgrade.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
UUUpgrade.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
UUUpgrade.dll
Resource
win10v2004-20241007-en
General
-
Target
SsmpVlogLayerComm.dll
-
Size
297KB
-
MD5
f6c0cad3b226f84cb12f0f52927a26c7
-
SHA1
35042cb4025a91c6c40b5e9a3cc060f9473579b2
-
SHA256
0433fdec2e89d3e3092c4c1a0430b44727aada6cae7484a0ea08ca2859a940e2
-
SHA512
d9e8d5315fe9c4015c9b0fa79977ebd888cc179937b56db0dc48b47f15e503a0f7f2529b78beccda49dce369e6644a4afe278386ca23cfca3ca20c4a7a9578ef
-
SSDEEP
6144:d9SqiyJ2WQBM8AGuGGJmrW6nmbS+wN4f8rbv65p4SQlNvw/5cdn74CYm:zriFWCM8AGGJmrW6mbS+wN4f4JSmN/mA
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4992 wrote to memory of 4648 4992 rundll32.exe 84 PID 4992 wrote to memory of 4648 4992 rundll32.exe 84 PID 4992 wrote to memory of 4648 4992 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SsmpVlogLayerComm.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4992 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SsmpVlogLayerComm.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:4648
-