General
Target: 66d40c5a35a707bb69872cea946182c5_JaffaCakes118
Size: 689KB
Sample: 241021-ql4k9sverg
MD5: 66d40c5a35a707bb69872cea946182c5
SHA1: a3d159336681dd796b049126116c2a64d96e719f
SHA256: 2d4ab6858aaea34108f13d276a0c6de0b784f4e8c451f344c552dd2e739db949
SHA512: e7a607631058a08ff5433c3cf70ec33174c3915ffa1bcf4440ce422da0a579685dcf3ee2e8c28505aa1733876d72651171dc7ad5c65f7473ad3e3affb428d4ad
SSDEEP: 12288:dgMCqHxEJ/BG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxD9jeKuVcvrD+N8yLwwi0:dgM9xENBG4G37tUnvone83Z76bMHxRte
Static task: static1
Behavioral task behavioral1: sample 66d40c5a35a707bb69872cea946182c5_JaffaCakes118.exe, resource win7-20240708-en
Behavioral task behavioral2: sample 66d40c5a35a707bb69872cea946182c5_JaffaCakes118.exe, resource win10v2004-20241007-en
Behavioral task behavioral3: sample $PLUGINSDIR/System.dll, resource win7-20240903-en
Behavioral task behavioral4: sample $PLUGINSDIR/System.dll, resource win10v2004-20241007-en
Behavioral task behavioral5: sample $PLUGINSDIR/aminsis.dll, resource win7-20240903-en
Behavioral task behavioral6: sample $PLUGINSDIR/aminsis.dll, resource win10v2004-20241007-en
Behavioral task behavioral7: sample ffTrustMediaViewerV1alpha3700chaction.js, resource win7-20240903-en
Behavioral task behavioral8: sample ffTrustMediaViewerV1alpha3700chaction.js, resource win10v2004-20241007-en
Behavioral task behavioral9: sample ff/chrome/content/ffTrustMediaViewerV1alpha3700.js, resource win7-20241010-en
Behavioral task behavioral10: sample ff/chrome/content/ffTrustMediaViewerV1alpha3700.js, resource win10v2004-20241007-en
Behavioral task behavioral11: sample ff/chrome/content/ffTrustMediaViewerV1alpha3700ffaction.js, resource win7-20241010-en
Behavioral task behavioral12: sample ff/chrome/content/ffTrustMediaViewerV1alpha3700ffaction.js, resource win10v2004-20241007-en
Behavioral task behavioral13: sample ie/TrustMediaViewerV1alpha3700.dll, resource win7-20240708-en
Behavioral task behavioral14: sample ie/TrustMediaViewerV1alpha3700.dll, resource win10v2004-20241007-en
Behavioral task behavioral15: sample ie/TrustMediaViewerV1alpha3700x64.dll, resource win7-20240708-en
Behavioral task behavioral16: sample ie/TrustMediaViewerV1alpha3700x64.dll, resource win10v2004-20241007-en
Behavioral task behavioral17: sample uninstall.exe, resource win7-20240903-en
Behavioral task behavioral18: sample uninstall.exe, resource win10v2004-20241007-en
Behavioral task behavioral19: sample $PLUGINSDIR/System.dll, resource win7-20240903-en
Behavioral task behavioral20: sample $PLUGINSDIR/System.dll, resource win10v2004-20241007-en
Behavioral task behavioral21: sample $PLUGINSDIR/aminsis.dll, resource win7-20240903-en
Behavioral task behavioral22: sample $PLUGINSDIR/aminsis.dll, resource win10v2004-20241007-en
Malware Config
Targets

Target: 66d40c5a35a707bb69872cea946182c5_JaffaCakes118
Size: 689KB
MD5: 66d40c5a35a707bb69872cea946182c5
SHA1: a3d159336681dd796b049126116c2a64d96e719f
SHA256: 2d4ab6858aaea34108f13d276a0c6de0b784f4e8c451f344c552dd2e739db949
SHA512: e7a607631058a08ff5433c3cf70ec33174c3915ffa1bcf4440ce422da0a579685dcf3ee2e8c28505aa1733876d72651171dc7ad5c65f7473ad3e3affb428d4ad
SSDEEP: 12288:dgMCqHxEJ/BG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxD9jeKuVcvrD+N8yLwwi0:dgM9xENBG4G37tUnvone83Z76bMHxRte
Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10

Target: $PLUGINSDIR/aminsis.dll
Size: 567KB
MD5: f346047b13f37f79c462e59a6319faa1
SHA1: ce9e7cb9719000a69b463fe024c81229e322279f
SHA256: e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453
SHA512: 429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167
SSDEEP: 12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/
Score: 3/10

Target: ffTrustMediaViewerV1alpha3700chaction.js
Size: 869B
MD5: 0a2cf0bc79517ac9a434c70b76d364a7
SHA1: 14c4731e53a5ddcc270dd06f3eb3b1ce064b199f
SHA256: 35418a33cea1568a69eabf71ec5f67efff8425e2b8e66deb1fad998dc2e66d57
SHA512: 2f53dd5aa4d4bc53565e211ada04f4bea85580a9b59cd4447a5f3004ff684ed193560da2db81db7c218d0f7e834f300b68b82f386c1c36888f5f377c6ac2b4ab
Score: 3/10

Target: ff/chrome/content/ffTrustMediaViewerV1alpha3700.js
Size: 768B
MD5: ce321112b170941179a56c31e74b3500
SHA1: df23b63600e63d6ff093c3e7dbe797289cfc7b61
SHA256: 294e690b3795db785168251d91795fbffb1d5b29365c07954656c1daf08fb8f2
SHA512: 09b7166d6ce36c4d6b5bdee14a340970a19cbaab2bee28c744b0d8649b92e00e5cd0aaf970aac3ff863daa524519534d5cd400319cca7dbb9b3d92fef0861cf3
Score: 3/10

Target: ff/chrome/content/ffTrustMediaViewerV1alpha3700ffaction.js
Size: 706B
MD5: e3365d03764757648c477feee7f0d605
SHA1: 2dadd5dedff2cdd5a15c9416dabef096300909c4
SHA256: 84de82864504e682a19e27a27b5d3e57d0a2e86f4bcb555c1b62b2ad6cc2282f
SHA512: 7ad996a8dd8f5d666003d77e324d211fe1629570791512c66dd68bebb6e6fe3d127f72c6412974b3596d8b3d05977930fffc7a8426154bbd78185ae14d2359e1
Score: 3/10

Target: ie/TrustMediaViewerV1alpha3700.dll
Size: 85KB
MD5: af58875644622d1eed04eb3033e2ef06
SHA1: 9ffa1143bc61a0b4cd385ddc190d7687bf158770
SHA256: 2c027487275fcb894a2ac54a905b8de81d1d85aa8d69e78e7f4f18260126c114
SHA512: f8a275c2784f7d99066dcc6c4af777a654ff8e6b0a899f3d3351bde5341677c04d5a7c4757ae8dd708f32d5b4b4da59e5e52ff2f20e723f48c3bdf01319ead9f
SSDEEP: 1536:wpMGCsQis4EnvtKx+kNp8Dkhy518DOslQTfAjlx:tGais4EnlKx+kNhy5uDraTfAj

Target: ie/TrustMediaViewerV1alpha3700x64.dll
Size: 100KB
MD5: 5604fe61065a91cc3318a663f4a8c3bd
SHA1: e3f50c91b0f66323364fc8ebfc049c21820785ef
SHA256: 669b69b413a8d868fe575d25a729a70abed11560fd4ca0c66cdb033918ad8116
SHA512: 2a35c8b55ec5fa7cda4cbbf8d98831e0be03af97522fa216395f7c446d166fc1772bb3b29643cf154c7078cfde80b90b8cdf8af273ff93639510a9050c802442
SSDEEP: 3072:zBjCnTZPzGSRzBHsQnTfGNAjXOSWfzQBT+LF9mj:zNCnTZPzGAlHdTONAjTYvm
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: uninstall.exe
Size: 295KB
MD5: 33bacce234a66d7bf8ac5aa50f73d857
SHA1: 5083ec2179b37abf8787db8f3431351c40382817
SHA256: 9c62399696dc3bbd97b289141ecbac87235fa6c5774cb688b4df4d5ad0e9a546
SHA512: 09e0d475ee4723a4ae8857715edf73c6b66b93ad5114bc0b4f6f0631648f91287f3a0664efac0abedcc12d4df0c3b1b906d3a0107191689edf369cdeb6968c61
SSDEEP: 6144:Ee34ecjKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEx:XcjeKuVnvon+N83LwwiAn6KkM33nxDk
Signatures:
- Executes dropped EXE
- Loads dropped DLL

MITRE ATT&CK Enterprise v15
Persistence
- Browser Extensions (1)
- Event Triggered Execution (1)
- Component Object Model Hijacking (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)