Overview

Task scores (as shown in the report's tab bar; sample names are truncated there):

  Static                                       score 7
  JaffaCakes...98.exe    windows7-x64          score 3
  JaffaCakes...98.exe    windows10-2004-x64    score 7
  $0/Resourc...d.html    windows7-x64          score 7
  $0/Resourc...d.html    windows10-2004-x64    score 3
  $PLUGINSDI...ns.dll    windows7-x64          score 3
  $PLUGINSDI...ns.dll    windows10-2004-x64    score 3
  $PLUGINSDI...em.dll    windows7-x64          score 3
  $PLUGINSDI...em.dll    windows10-2004-x64    score 3
  $PLUGINSDI...n.html    windows7-x64          score 3
  $PLUGINSDI...n.html    windows10-2004-x64    score 3
  $PLUGINSDI...er.dll    windows7-x64          score 3
  $PLUGINSDI...er.dll    windows10-2004-x64    score 3
  $PROGRAMFI...gs.exe    windows7-x64          score 3
  $PROGRAMFI...gs.exe    windows10-2004-x64    score 3
  $PROGRAMFI...ot.dll    windows7-x64          score 3
  $PROGRAMFI...ot.dll    windows10-2004-x64    score 3
Analysis (score 3)

  Max time kernel:   94s
  Max time network:  144s
  Platform:          windows10-2004_x64
  Resource:          win10v2004-20241007-en
  Resource tags:     arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  Submitted:         20/01/2025, 12:04
Tasks

  Task           Sample                                                 Resource
  static1        (static task)                                          -
  behavioral1    JaffaCakes118_e69c5c6b034d010bb57126bf82813198.exe    win7-20240903-en
  behavioral2    JaffaCakes118_e69c5c6b034d010bb57126bf82813198.exe    win10v2004-20241007-en
  behavioral3    $0/Resources/BrowserSearch/alot_search_defend.html    win7-20240903-en
  behavioral4    $0/Resources/BrowserSearch/alot_search_defend.html    win10v2004-20241007-en
  behavioral5    $PLUGINSDIR/InstallOptions.dll                        win7-20240903-en
  behavioral6    $PLUGINSDIR/InstallOptions.dll                        win10v2004-20241007-en
  behavioral7    $PLUGINSDIR/System.dll                                win7-20240903-en
  behavioral8    $PLUGINSDIR/System.dll                                win10v2004-20241007-en
  behavioral9    $PLUGINSDIR/eula_en.html                              win7-20240903-en
  behavioral10   $PLUGINSDIR/eula_en.html                              win10v2004-20241007-en
  behavioral11   $PLUGINSDIR/installhelper.dll                         win7-20240903-en
  behavioral12   $PLUGINSDIR/installhelper.dll                         win10v2004-20241007-en
  behavioral13   $PROGRAMFILES/alot/bin/ALOTSettings.exe               win7-20240903-en
  behavioral14   $PROGRAMFILES/alot/bin/ALOTSettings.exe               win10v2004-20241007-en
  behavioral15   $PROGRAMFILES/alot/bin/alot.dll                       win7-20240903-en
  behavioral16   $PROGRAMFILES/alot/bin/alot.dll                       win10v2004-20241007-en
General

  Target:  $PROGRAMFILES/alot/bin/alot.dll
  Size:    812KB
  MD5:     acb423998044f7dcc904a43419ef2d78
  SHA1:    7fec3d6d444c8f3fef32b6634901fd010b0295bb
  SHA256:  03707a3959ee86ab624d805a399b839d9b2949875f79940026f63a96e6be740f
  SHA512:  f037a03564f3608dc69deef46aa63b9250721f4c16aa882054b8eae8a34842a2f7b39910abe47141b549e276b9316ad731056674b9c76bbf5991158ec2c6170a
  SSDEEP:  24576:K35Y3xC4J85Z31MXoOr/KPLPsF3EpBYnIHJ9UDMPW3157Tn1y5x5FJp939mL:K2s5XsSjsF0pBYnTf71oP39mL
Malware Config

Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  Description   IoC                                                           Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   regsvr32.exe

Suspicious use of WriteProcessMemory (3 IoCs)

  Description                         PID    Process        procid_target
  PID 1608 wrote to memory of 2024    1608   regsvr32.exe   85
  PID 1608 wrote to memory of 2024    1608   regsvr32.exe   85
  PID 1608 wrote to memory of 2024    1608   regsvr32.exe   85
Processes

  1. C:\Windows\system32\regsvr32.exe
     Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\alot\bin\alot.dll
     PID: 1608
     Signatures: Suspicious use of WriteProcessMemory

     2. C:\Windows\SysWOW64\regsvr32.exe
        Command line: /s C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\alot\bin\alot.dll
        PID: 2024
        Signatures: System Location Discovery: System Language Discovery