Overview

overview

10

Static

static

10

JaffaCakes...7c.exe

windows7-x64

7

JaffaCakes...7c.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/98ipcap.bat

windows7-x64

4

$SYSDIR/98ipcap.bat

windows10-2004-x64

4

$SYSDIR/msvcp60.dll

windows7-x64

3

$SYSDIR/msvcp60.dll

windows10-2004-x64

3

$SYSDIR/npptools.dll

windows7-x64

3

$SYSDIR/npptools.dll

windows10-2004-x64

3

bin/DLmode.dll

windows7-x64

3

bin/DLmode.dll

windows10-2004-x64

3

bin/DelEntry.exe

windows7-x64

1

bin/DelEntry.exe

windows10-2004-x64

3

bin/Main.exe

windows7-x64

3

bin/Main.exe

windows10-2004-x64

3

bin/NetKeeper.exe

windows7-x64

3

bin/NetKeeper.exe

windows10-2004-x64

3

bin/NetKeeper.exe

windows7-x64

3

bin/NetKeeper.exe

windows10-2004-x64

3

bin/Updatemode.dll

windows7-x64

3

bin/Updatemode.dll

windows10-2004-x64

3

bin/bindconfirm.exe

windows7-x64

3

bin/bindconfirm.exe

windows10-2004-x64

3

bin/bmpres.dll

windows7-x64

1

bin/bmpres.dll

windows10-2004-x64

1

bin/detector.dll

windows7-x64

3

bin/detector.dll

windows10-2004-x64

3

bin/doload.dll

windows7-x64

3

bin/doload.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2025, 17:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/Main.exe

  • Size

    156KB

  • MD5

    c0c12a04a00819a056989a9ff95b8857

  • SHA1

    52ea609589508bb4bacce5f70123b4b3aedeb4d6

  • SHA256

    7eb2cfaf72964538ff0c166277345ce51b91f69311acca626e8eec1c550aaf19

  • SHA512

    dcbe0f45c53ee10dd69d8d5dabde66b357d72ecb8bb08e968f62e8a8717625ae58cb5f24d1294d0a77a90e9de77a4a75729a8f3e866ced8068c487e3716d20b9

  • SSDEEP

    768:MC9U7GemlZM4i+x3teby3rQvuviNUwKToNQV6WQs5yGENTLtsY:KiPlcQ2yb6FU7CQUWlotsY

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bin\Main.exe
    "C:\Users\Admin\AppData\Local\Temp\bin\Main.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\bin\NetKeeper.exe
      NetKeeper.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.