Overview
overview
7Static
static
38275337624...18.exe
windows7-x64
38275337624...18.exe
windows10-2004-x64
3$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ck.dll
windows7-x64
3$PLUGINSDI...ck.dll
windows10-2004-x64
3$SYSDIR/ff_vfw.dll
windows7-x64
3$SYSDIR/ff_vfw.dll
windows10-2004-x64
3$SYSDIR/msvcr71.dll
windows7-x64
3$SYSDIR/msvcr71.dll
windows10-2004-x64
3$TEMP/cfco...te.exe
windows7-x64
7$TEMP/cfco...te.exe
windows10-2004-x64
7$PLUGINSDI...te.dll
windows7-x64
3$PLUGINSDI...te.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ck.dll
windows7-x64
3$PLUGINSDI...ck.dll
windows10-2004-x64
3$_6_/divx5/DivX.dll
windows7-x64
3$_6_/divx5/DivX.dll
windows10-2004-x64
3$_6_/divx5/PSIKey.dll
windows7-x64
3$_6_/divx5/PSIKey.dll
windows10-2004-x64
3$_6_/ffdsh...ow.dll
windows7-x64
3$_6_/ffdsh...ow.dll
windows10-2004-x64
3$_6_/ffdsh...ff.dll
windows7-x64
3$_6_/ffdsh...ff.dll
windows10-2004-x64
3$_6_/ffdsh...ID.dll
windows7-x64
3$_6_/ffdsh...ID.dll
windows10-2004-x64
3Analysis
-
max time kernel
147s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
31-10-2024 08:27
Static task
static1
Behavioral task
behavioral1
Sample
8275337624b2c795196952c0ef0f22d1_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
8275337624b2c795196952c0ef0f22d1_JaffaCakes118.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/DLLWebCount.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/DLLWebCount.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/ServiceBlock.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/ServiceBlock.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$SYSDIR/ff_vfw.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
$SYSDIR/ff_vfw.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$SYSDIR/msvcr71.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
$SYSDIR/msvcr71.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$TEMP/cfcodecdelete.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
$TEMP/cfcodecdelete.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/FRNDelete.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/FRNDelete.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/ServiceBlock.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/ServiceBlock.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$_6_/divx5/DivX.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral24
Sample
$_6_/divx5/DivX.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$_6_/divx5/PSIKey.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
$_6_/divx5/PSIKey.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$_6_/ffdshow/FLT_ffdshow.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral28
Sample
$_6_/ffdshow/FLT_ffdshow.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$_6_/ffdshow/TomsMoComp_ff.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
$_6_/ffdshow/TomsMoComp_ff.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$_6_/ffdshow/WinCPUID.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
$_6_/ffdshow/WinCPUID.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
$TEMP/cfcodecdelete.exe
-
Size
68KB
-
MD5
c0d7ab0f61a060bc1f485621e2b48cae
-
SHA1
55f070de22d60421e285051290476fe3e485d487
-
SHA256
6686f66867b346b510297f9498b1688f30b77a6bf53e6acab78b1777c99d6aea
-
SHA512
d4eacb9e4537b2dd331440a964633239f16ef903374857b22ca723a3728bc245ab6b5c73e696ecd3d8b552064d46d877665cd6db3410d421c35624cc8dbfd2da
-
SSDEEP
1536:0JRE0MupgohzRg60D9mJm1w/Z4Roz+88cyqaLEYdVN25+Qavr+:0Xu/MVID9mJm1U4+8c7sNzQki
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cfcodecdelete.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe -
Suspicious use of FindShellTrayWindow 31 IoCs
pid Process 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe 3860 cfcodecdelete.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD58d4f8e9e897247e7bf1a1963e24d070b
SHA1c1feaa4db159a478c99fe8cc109c7a10fb014130
SHA2563a07e930d76f9d3f06749461dc13f781af6db0290561d27e9cc3c24a516e417d
SHA51233ea7ce9aa342d64c1c182e423cb0d2e19b44fc1769bbb5e70a478028cae28e3a3557470fb827d90dcb253ae04b75fda82bf70fd1183db210f83f90e2d1280cf
-
Filesize
32KB
MD583142eac84475f4ca889c73f10d9c179
SHA1dbe43c0de8ef881466bd74861b2e5b17598b5ce8
SHA256ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
SHA5121c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
-
Filesize
24KB
MD58592853112ae45b942550ff1b3b3ccd7
SHA162535e792ec4214cd23651116acbb61d5c0bf848
SHA256dc8696d38e17a131d4bbe66dc8b7e3a6ad164df67fe37ddcfab3a50ae5b60835
SHA512ce232f32a8f17b5b88fd0f794ee691dd0b70070a7b6c9d9eb823de6613ab5d39297293539c8cf75b3c8d20f62b8e689c28ab0fb8d5bfc46765e80b0bac58330e