Analysis

  • max time kernel
    69s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/03/2025, 21:02

General

  • Target

    $PROGRAMFILES/SoftwareUpdater/Interop.Shell32.dll

  • Size

    48KB

  • MD5

    6d3eebe3b94b5c98467d7111bcba269f

  • SHA1

    322e2fa9968071f0f2c0a82e6e5dea71c638d706

  • SHA256

    46cadda3634354330ff142e19b7435e77a8fdf4fd08a6f18fa585e2b6e66e5ea

  • SHA512

    e902a522035a74b0edfce0f16f675e80ef713d5d10e8906c801f2cea90be4a97edae90fb45b1d3d43ccbe44c857dcea39fb50ffa2b9737bcec2a131519e1b4b5

  • SSDEEP

    768:wexl81nX6ZxlvUAa7KoBv7epginbCe7AXjuw9tL0Duxj7tr+Br+FHy:wexl81nK34PJepgqcVzhy

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\SoftwareUpdater\Interop.Shell32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\SoftwareUpdater\Interop.Shell32.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:392

Network

MITRE ATT&CK Enterprise v15
