Analysis
- max time kernel: 139s
- max time network: 104s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/10/2024, 08:42
Static task: static1
Behavioral tasks (task: sample, resource):
- behavioral1: 662d135b8fd1bce690264eec52cc5ea5_JaffaCakes118.exe, win7-20240903-en
- behavioral2: 662d135b8fd1bce690264eec52cc5ea5_JaffaCakes118.exe, win10v2004-20241007-en
- behavioral3: $PLUGINSDIR/ConnectionTester.dll, win7-20240903-en
- behavioral4: $PLUGINSDIR/ConnectionTester.dll, win10v2004-20241007-en
- behavioral5: $PLUGINSDIR/InstallOptions.dll, win7-20240708-en
- behavioral6: $PLUGINSDIR/InstallOptions.dll, win10v2004-20241007-en
- behavioral7: $PLUGINSDIR/System.dll, win7-20240903-en
- behavioral8: $PLUGINSDIR/System.dll, win10v2004-20241007-en
- behavioral9: $PLUGINSDIR/y_toolbar.exe, win7-20240708-en
- behavioral10: $PLUGINSDIR/y_toolbar.exe, win10v2004-20241007-en
- behavioral11: content/ytoolbar/dialog.js, win7-20240903-en
- behavioral12: content/ytoolbar/dialog.js, win10v2004-20241007-en
- behavioral13: content/ytoolbar/feedFunctions.js, win7-20241010-en
- behavioral14: content/ytoolbar/feedFunctions.js, win10v2004-20241007-en
- behavioral15: content/ytoolbar/fileio.js, win7-20240903-en
- behavioral16: content/ytoolbar/fileio.js, win10v2004-20241007-en
- behavioral17: content/ytoolbar/globals.js, win7-20240708-en
- behavioral18: content/ytoolbar/globals.js, win10v2004-20241007-en
- behavioral19: content/ytoolbar/history.js, win7-20240903-en
- behavioral20: content/ytoolbar/history.js, win10v2004-20241007-en
- behavioral21: content/ytoolbar/i18n.js, win7-20240903-en
- behavioral22: content/ytoolbar/i18n.js, win10v2004-20241007-en
- behavioral23: content/ytoolbar/installerVariables.js, win7-20240903-en
- behavioral24: content/ytoolbar/installerVariables.js, win10v2004-20241007-en
- behavioral25: content/ytoolbar/network.js, win7-20240903-en
- behavioral26: content/ytoolbar/network.js, win10v2004-20241007-en
- behavioral27: content/ytoolbar/options.js, win7-20240903-en
- behavioral28: content/ytoolbar/options.js, win10v2004-20241007-en
- behavioral29: content/ytoolbar/setHomepage.js, win7-20241010-en
- behavioral30: content/ytoolbar/setHomepage.js, win10v2004-20241007-en
- behavioral31: content/ytoolbar/toolbarBuilder.js, win7-20241010-en
- behavioral32: content/ytoolbar/toolbarBuilder.js, win10v2004-20241007-en
General
- Target: $PLUGINSDIR/y_toolbar.exe
- Size: 1.8MB
- MD5: 6dce8e72c3b5a6f7196e5e481f713682
- SHA1: 4ae7e92618eb20397c83bbd50adb5dc997dfbdcb
- SHA256: e4c6adf760bd2eec05394bba71dc5ed5ada554ed8bde3494a34d25b3937eb319
- SHA512: 6550fd8f61323babe648f2a4dde0123007e86e24f3a3fd8c92fba4f0526ccb7aaa7f5a14d27749c5113fafe15c47ee4f1774f173de3ea80e5c2fb06339b0590a
- SSDEEP: 49152:BlsKLVTybPswErhM3yAW1loLQQL4szSkDzDsXWW/:hyw9rhMiAx8QLjXDsx
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation (process: y_toolbar.exe)
- Loads dropped DLL (20 IoCs)
  PID 4680, y_toolbar.exe (all 20 DLL loads originate from this process)
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: y_toolbar.exe)
MITRE ATT&CK Enterprise v15
Downloads
Five downloaded files (12KB, 9KB, 1KB, 1KB, 1KB).