Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/03/2025, 02:54

General

  • Target

    flash4dv6full.exe

  • Size

    1.6MB

  • MD5

    8a81c6d21ff606ce0f6105d3a0eadb9b

  • SHA1

    3a399f299b0c9ba7261a4976b9755e8eb56126c6

  • SHA256

    abca96e44832b6c93e8598f8267593b2d327259101a6bbb76dfc61f08de3360d

  • SHA512

    8a511e330b506792a31e2433db4222bd3a2c724e4a2790fb66efadf3c45e3db488c770132046f5a8eaece03698fc8995c75b0029ab25e788f7a00233a6384bca

  • SSDEEP

    49152:q66rB3rilLxBTgb6PsjpdVuhOLvPtexGmTcf81:q66clLxNCpdGO5eaY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 2 IoCs (the dropped file listed under Downloads is \Windows\SysWOW64\swfgen.dll, the 32-bit system directory on 64-bit Windows; writing there requires administrative rights, which the sandbox's Admin user has, so the same drop may fail on a standard-user host)
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\flash4dv6full.exe
    "C:\Users\Admin\AppData\Local\Temp\flash4dv6full.exe"
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2268

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\F76BE5F0.tmp

    Filesize

    2.9MB

    MD5

    48fdf435b8595604e54125b321924510

    SHA1

    e13d25bdac576e95e9134c3f95f0f8cbe94d6185

    SHA256

    7fcd80f7f56a841a4c5ef950afac8991da71ba9eae82f20db2954c7b4b72efd9

    SHA512

    86a59d83cc3d39b752b7a9c98e79b3f8fbcca66087926f026aabf5453bde83321928b77947e2aa5f625a53dafc89c0bf224daa7ce004b1851345abe93c6e83f3

  • \Windows\SysWOW64\swfgen.dll

    Filesize

    836KB

    MD5

    a013f3a21b0d2b4d0488a98fb1dbc363

    SHA1

    6ba30b26190c1ae10d296f8ba95734be3425f1d7

    SHA256

    93e3a967b6432305c05408c8475e2e01559f525d1fb702f59dfb5de2a63564ac

    SHA512

    f7290d912a445338f6d38f4246b821d69170da4b0f42065e417ecdbd53d20c73f8faaafec37a0667adbd338ca50af172b45c2f6122c1b4e4f01ca3421742d835

  • memory/2268-4-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

  • memory/2268-3-0x0000000030000000-0x00000000303AF000-memory.dmp

    Filesize

    3.7MB
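The Downloads list above gives the file indicators a responder would sweep a host for: the sample itself, the temporary payload and the DLL dropped into SysWOW64. The script below is an added example, not part of the report or of the analysed sample; it embeds the SHA256 values and paths copied from the report and classifies files by content first and by name second, because a name-only hit (a generated .tmp name, or a legitimately installed swfgen.dll) is a lead rather than proof. Function names, verdict labels and the constructed test data are assumptions made for illustration. The memory dump entries are sandbox artifacts, not files on disk, so they are not included.

```python
"""Match the file indicators from the sandbox report against files on a host.

Added example, not the report's or the sample's own code. Hashes and paths are
copied from the report; function names and verdict labels are assumptions.
"""
import hashlib
import sys
from pathlib import Path

# Indicators from the report: file name -> (SHA256, directory observed in the sandbox).
FILE_IOCS = {
    "flash4dv6full.exe": (
        "abca96e44832b6c93e8598f8267593b2d327259101a6bbb76dfc61f08de3360d",
        r"C:\Users\Admin\AppData\Local\Temp",
    ),
    "F76BE5F0.tmp": (
        "7fcd80f7f56a841a4c5ef950afac8991da71ba9eae82f20db2954c7b4b72efd9",
        r"C:\Users\Admin\AppData\Local\Temp",
    ),
    "swfgen.dll": (
        "93e3a967b6432305c05408c8475e2e01559f525d1fb702f59dfb5de2a63564ac",
        r"C:\Windows\SysWOW64",
    ),
}

HASH_MATCH = "hash_match"  # byte-identical to the sandbox artifact: conclusive
NAME_MATCH = "name_match"  # same name, different content: investigate, not proof
CLEAN = "clean"


def sha256_hex(data: bytes) -> str:
    """SHA256 of an in-memory buffer (used by the tests and for small files)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """SHA256 of a file read in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(name: str, digest: str, iocs=FILE_IOCS) -> str:
    """Return a verdict for one file given its name and SHA256 hex digest.

    Content wins over name: a file with a known-bad hash is a hit whatever it is
    called, while a file that only shares a name (case-insensitively) is flagged
    for review because the .tmp name is likely generated per run and swfgen.dll
    may be a legitimate component of the same product.
    """
    known_hashes = {sha for sha, _dir in iocs.values()}
    if digest.lower() in known_hashes:
        return HASH_MATCH
    if name.lower() in {n.lower() for n in iocs}:
        return NAME_MATCH
    return CLEAN


def scan_directory(root, iocs=FILE_IOCS) -> dict:
    """Walk `root` and return {path: verdict} for every file that is not clean."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            verdict = classify(path.name, sha256_file(path), iocs)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the sweep
        if verdict != CLEAN:
            hits[str(path)] = verdict
    return hits


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>   (defaults to the current directory)
    for found_path, found_verdict in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(found_verdict, found_path)
```

Run it against the directories the report names (the user's Temp folder and C:\Windows\SysWOW64) first, then widen the sweep; a hash_match on swfgen.dll or the sample is conclusive, a name_match should be compared against a known-good copy of the product before being escalated.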