3General
-
Target
4e76b3f0c742704f356827c234057334_JaffaCakes118
-
Size
5.9MB
-
Sample
241016-xj4a2swdna
-
MD5
4e76b3f0c742704f356827c234057334
-
SHA1
501a1334a8201aa188ba8cf8d0f994b60eaaae39
-
SHA256
e62106ce0ab1993ad6b404a6d856c203191ba320367fbfb5fd988e2e0ce41c7e
-
SHA512
2f5a19997db1a09479875c8c52ef43514b2eacc517cfadccb3fecd5dc0fc77e1da31ad2c5281da682660caf4d5e368058401fd1d99df1edbb63ffdcdedc789e0
-
SSDEEP
98304:mOWYHhveAld/IVR9YKI/G2YGBbFvHtji5NUGoCMZomy5fGgAR1LUKBRn9aD70pP6:3XdcVI/G2YGRNji5P/MZ85sReKr9+70Y
Behavioral task
behavioral1
Sample
4e76b3f0c742704f356827c234057334_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4e76b3f0c742704f356827c234057334_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/DemoIMG.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/DemoIMG.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UIEx.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UIEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/newadvsplash.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/newadvsplash.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsLib.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsLib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PROGRAMFILES/$(LSTR_40)/tools/DesktopThemes.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
$PROGRAMFILES/$(LSTR_40)/tools/DesktopThemes.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PROGRAMFILES/$(LSTR_40)/tools/DesktopWallpaper.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PROGRAMFILES/$(LSTR_40)/tools/DesktopWallpaper.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PROGRAMFILES/$(LSTR_40)/tools/haozip_silence.200863.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
$PROGRAMFILES/$(LSTR_40)/tools/haozip_silence.200863.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/FileInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/FileInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
HaoZip.chm
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
HaoZip.chm
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
HaoZip.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
HaoZip.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4e76b3f0c742704f356827c234057334_JaffaCakes118
-
Size
5.9MB
-
MD5
4e76b3f0c742704f356827c234057334
-
SHA1
501a1334a8201aa188ba8cf8d0f994b60eaaae39
-
SHA256
e62106ce0ab1993ad6b404a6d856c203191ba320367fbfb5fd988e2e0ce41c7e
-
SHA512
2f5a19997db1a09479875c8c52ef43514b2eacc517cfadccb3fecd5dc0fc77e1da31ad2c5281da682660caf4d5e368058401fd1d99df1edbb63ffdcdedc789e0
-
SSDEEP
98304:mOWYHhveAld/IVR9YKI/G2YGBbFvHtji5NUGoCMZomy5fGgAR1LUKBRn9aD70pP6:3XdcVI/G2YGRNji5P/MZ85sReKr9+70Y
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe
-
Size
122KB
-
MD5
8a8de6f6e39d0ab2226f0c978d8a035d
-
SHA1
e9669046f99751fa10165b291867a283c75eb52e
-
SHA256
af422c53cc1177665dc06823531271efa4152dc1c467641212e03a6476079866
-
SHA512
bbf270fc77cfc24cdcebc66be74063e18c4f2526262fa18bc9a4fc32447131808e99270b941539322afe8bc47b5616572af990d15101722ae10d0cb7503d3014
-
SSDEEP
3072:X78vwnEm+1RAkd3deANZ+IxxUGOgk+0go8hEII/IIIa7bi:X7KwEpAJWhcgphEII/IIIp
Score3/10 -
-
-
Target
$PLUGINSDIR/DemoIMG.dll
-
Size
5KB
-
MD5
62eaf217f4cc7ea81334c0a0092fe4de
-
SHA1
308cd496c77cab6309e6c2bbefcf4773de73b96d
-
SHA256
e41f444fe4e063af0e27375364d821f29afd6f4d1ae85ba3ebfc644ddd9975f2
-
SHA512
f5d90f9c5666587a984982f3b65808f6acbdc290792a901e61cb6f2f2ba4719f8acb47a735c3089d6c9fa9012fef38709492d754de7f5491980c75a23edd707a
-
SSDEEP
96:ShK/S2RqG4RftqmnFxgC0xNQxJnGR4HZhNc:SA/9Ju15xgC5xJn55hN
-
ACProtect 1.3x - 1.4x DLL software
Detects a file protected with ACProtect software.
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/UIEx.dll
-
Size
6KB
-
MD5
ecd24b046df5838936b4ad9860f79c7c
-
SHA1
f33fa4bdcfcd1a698cd45257e7db30b307989f2d
-
SHA256
50576ef71d3d07ee1a6651d89395c2441314756ff7dd75063559675a7dae52c6
-
SHA512
09747d14451e4e9586cc57337b6ccd25c11a6084e1d6a4e61fb9aa695ba5bb3a04430387dfff206acdd78d076b160395f8aeded1e0437cf365830ee457440c7f
-
SSDEEP
96:XTMpptnDfDbRcHMYE1bKo97GH24HB/VozNa0iQDIKr0XeV/dz6e5:Xon3NcH071e1h6av8h5x6Y
Score3/10 -
-
-
Target
$PLUGINSDIR/newadvsplash.dll
-
Size
8KB
-
MD5
9bc6c411efa742a5de7d8372afafa2fa
-
SHA1
2b57865e87c7ca2db97d0296d8cbe0183df2c2cf
-
SHA256
0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c
-
SHA512
092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde
-
SSDEEP
192:7p/MyET9lrRyFJb9kSw/T6rz91YrLV1hiI:7p/MyET90k7/T6rB1Yk
Score3/10 -
-
-
Target
$PLUGINSDIR/nsLib.dll
-
Size
5KB
-
MD5
fce57f99b4600c44ed62539184d9c610
-
SHA1
f47e2bb1cbe25de317e7d6f575869ad79f4535f2
-
SHA256
b4e77dd94f0240be9b73eba9a0eb17631826469423305008fd89e687317c2f10
-
SHA512
60744fd926e5fa174bf7705d1d365934464abdbcbd40d328943d02d955416c37131610708a888f513036688e9e9f1d4cbb018b6cf203c9a0ba9c863e9779060e
-
SSDEEP
48:KW7wi4ZUFW9oP7j4GaUxWqFZ9hxnuhB3HNdfbiUSFFyFpV0Av9h4agOC+RXCHMI:4Zd9a4Ex/zWdfbpBLV0Alh4Pj
Score3/10 -
-
-
Target
$PROGRAMFILES/$(LSTR_40)/tools/DesktopThemes.exe
-
Size
136KB
-
MD5
4b904c2ec04fa7fa3fd20b7fe6ff4661
-
SHA1
7260568c7a6f3ef051b99baaed1bdd1748445eb3
-
SHA256
a0ef9e1c7081a57fe28f10b6222afddd833d78c281cc58974bc6d7291129c7e9
-
SHA512
ced4e75b996d4558d25102975b1a2d4c2a574d55e712a3045c49541d0fa783e66857d5aee5fe20528afdf92ed7b47b4fce651a062502e2987971e31d520f69d9
-
SSDEEP
3072:A6Zh8Rl+lYkqUiNFHJbOW6DbEI82CVVTAMCB:A63iVOWYbEIhCV5AlB
Score3/10 -
-
-
Target
$PROGRAMFILES/$(LSTR_40)/tools/DesktopWallpaper.exe
-
Size
624KB
-
MD5
78ab2ae669d1e3e1836f081bb096be47
-
SHA1
139a958fef06f4cacfe6ca1a944f8328e9e4a8cd
-
SHA256
399b459da7e6bd946209b611ca9eba0a93ba258e00d1cfd64c3e865ba48d5d69
-
SHA512
26018163812db365e5494be33b59abd28fd22f6aed22904dc75acfc0ec279ec6d8d5606d0279f309a4e9c1a372e5cce972bb88a2e71d39da15fd9562d6a3fd34
-
SSDEEP
6144:feTeM/Ruu4VtPHzDKuf9fHCSWRmv6q67LQXyuIL0wMHMMw5RXP54ndL:DMJ6CufNYqEQ+P54dL
Score3/10 -
-
-
Target
$PROGRAMFILES/$(LSTR_40)/tools/UXTheme.exe
-
Size
122KB
-
MD5
8a8de6f6e39d0ab2226f0c978d8a035d
-
SHA1
e9669046f99751fa10165b291867a283c75eb52e
-
SHA256
af422c53cc1177665dc06823531271efa4152dc1c467641212e03a6476079866
-
SHA512
bbf270fc77cfc24cdcebc66be74063e18c4f2526262fa18bc9a4fc32447131808e99270b941539322afe8bc47b5616572af990d15101722ae10d0cb7503d3014
-
SSDEEP
3072:X78vwnEm+1RAkd3deANZ+IxxUGOgk+0go8hEII/IIIa7bi:X7KwEpAJWhcgphEII/IIIp
Score3/10 -
-
-
Target
$PROGRAMFILES/$(LSTR_40)/tools/haozip_silence.200863.exe
-
Size
4.0MB
-
MD5
04571a19aaa2fcaee52b6f9724452caf
-
SHA1
c582ada80941bb62169eb8e515a3228251b994a7
-
SHA256
2c02c49adb8ec1994299affb0a5635e78b2a3dd291fa21a7a36f5460d8c91b88
-
SHA512
e44bd52d3efdac1702a735cdf785a217c7ec19a200c357edec1562c69f029ff98b809f2c1286df29e487be47dcb0e2a2c5823b20eebcc2e48e02a99a81617e87
-
SSDEEP
98304:hjtcdq3J8kgcrEonhWQ/MJIupvggaLygRvI0T:hjK8J39LnJcFpvIBx
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofencing check.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/FileInfo.dll
-
Size
46KB
-
MD5
25aa25fcec2065cdf81f77d2153a63a7
-
SHA1
e09b96d596323201ce5586daa16c9b8ecfaa7654
-
SHA256
ba62fc93cdd027de00af9cbaf31bf102d47fe9f1d74493ebf6faa2f2c9982435
-
SHA512
5de8b9ca1b38fba4f63756066d10a0312acafe9c051645fd192e500d1cff23a21845cec2d1fb1002ddf7002f9f6ae3962fd6087f3ab793d9630c33e35d6aba64
-
SSDEEP
768:tAZ9soz3qR9QI6vY+V882mIqfhvsXRi1wOieGtJOQ:uZ9jqR9dP+7hvx1wO4tJOQ
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
828a94a3b9a080f79e84015b55fce227
-
SHA1
c15c615925bb72531ba32194253eefa49edaa93a
-
SHA256
1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2
-
SHA512
c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a
-
SSDEEP
192:1sIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mT8ozxGUWumle:1sUHd9GN2d2iwl0impATIPdAT8Ov6
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
a82b0479708b96c7bf4dd6b798aedee0
-
SHA1
7e47b402848a86bdddd5f0de8bb4620471caaab0
-
SHA256
72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20
-
SHA512
02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58
-
SSDEEP
192:hCZej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7y6G:hCi2HgN4GbeWmbI4Eybogia7y6
Score3/10 -
-
-
Target
HaoZip.chm
-
Size
59KB
-
MD5
dccb22cdbbc56a05786e32105122b821
-
SHA1
0c1e64eb3a429e26b95ae782fc9752ed082a1279
-
SHA256
42a76219b3382e58aa713e9b142b8f03daf318580b16b4cae538603d357bdd9b
-
SHA512
da4c994ca89b189cca41893d16f67e9cd75dbc315a8c9e0421ddadb8ee8f6f28be27788dba9924d551267e091faba176efe758baac6520e294352c871850a29b
-
SSDEEP
1536:JD41zTCt0J07EIsu8wDB5i9jfKZ+KpcsA+GbldmYxs:kzTCt0J07EIaoB+fJKDAzp0
Score1/10 -
-
-
Target
HaoZip.dll
-
Size
2.8MB
-
MD5
311087196830aef1fe6a91395bb159e5
-
SHA1
01204f57b1fb96a088b3f1727ed7e873fbf4496a
-
SHA256
774954f0e8382445dc885eac498e4fa524251bb2a09f7ba04d9c980b876a3038
-
SHA512
f924ee84dffd07ca7f18960dfc1b976377d8ba745c1a88d87caf3aa060d1ed7e0960a850c5161e8c9132210a96ed25727fc65044dcbca4cd08f1954d98f981b4
-
SSDEEP
49152:sLAXp0kkMqYXofxKKE6oRkJ6h3F1XjzQ2OyOtjwjWI+G29CeynMICgKs7gKsw765:sLAXp0kkMqYXofxKKE6oRO6/BzQ2OyO/
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Component Object Model Hijacking
1Pre-OS Boot
1Bootkit
1