Overview (overview) - score 8/10
Static (static) - score 7/10
25db368cc7...18.exe (windows7-x64) - score 3/10
25db368cc7...18.exe (windows10-2004-x64) - score 3/10
$PLUGINSDI...ns.dll (windows7-x64) - score 3/10
$PLUGINSDI...ns.dll (windows10-2004-x64) - score 3/10
$PLUGINSDI...LL.dll (windows7-x64) - score 3/10
$PLUGINSDI...LL.dll (windows10-2004-x64) - score 3/10
$PLUGINSDI...dl.dll (windows7-x64) - score 3/10
$PLUGINSDI...dl.dll (windows10-2004-x64) - score 3/10
$PLUGINSDI...em.dll (windows7-x64) - score 3/10
$PLUGINSDI...em.dll (windows10-2004-x64) - score 3/10
CCleaner.exe (windows7-x64) - score 7/10
CCleaner.exe (windows10-2004-x64) - score 1/10
Microsoft.mshtml.dll (windows7-x64) - score 1/10
Microsoft.mshtml.dll (windows10-2004-x64) - score 1/10
decaptcher.dll (windows7-x64) - score 1/10
decaptcher.dll (windows10-2004-x64) - score 3/10
fbclient.dll (windows7-x64) - score 1/10
fbclient.dll (windows10-2004-x64) - score 1/10
holfix.exe (windows7-x64) - score 8/10
holfix.exe (windows10-2004-x64) - score 8/10
ibprovider.dll (windows7-x64) - score 1/10
ibprovider.dll (windows10-2004-x64) - score 1/10
icudt30.dll (windows7-x64) - score 1/10
icudt30.dll (windows10-2004-x64) - score 1/10
icuin30.dll (windows7-x64) - score 3/10
icuin30.dll (windows10-2004-x64) - score 3/10
icuuc30.dll (windows7-x64) - score 3/10
icuuc30.dll (windows10-2004-x64) - score 3/10
msvcp80.dll (windows7-x64) - score 1/10
msvcp80.dll (windows10-2004-x64) - score 1/10
msvcp90.dll (windows7-x64) - score 1/10
msvcp90.dll (windows10-2004-x64) - score 1/10
General
-
Target
25db368cc7c0308d014ce0397bd7adac_JaffaCakes118
-
Size
3.9MB
-
Sample
240704-xffqksvgrd
-
MD5
25db368cc7c0308d014ce0397bd7adac
-
SHA1
e7f05494b314747a5ddd0bb41c73289623235ba4
-
SHA256
d2623ed0469b4a7a8f9371cb91bad7bb803564bdda76fdcc5972905edb12f8b9
-
SHA512
92758b707791cf297cc0b311d38e503095e1b7769a385202c527c4242d2e2f7561d1af9d5d13f0fd6c9d739aae131d58f3eca3dd12c515d0e9a305ea6de4a8f7
-
SSDEEP
98304:qiO3DcIFRtNXWRaslUWKj1Bl20I+QRFKX9Mle:McQNXCaslUWm2z+msNMle
Behavioral task
behavioral1
Sample
25db368cc7c0308d014ce0397bd7adac_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
25db368cc7c0308d014ce0397bd7adac_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral11
Sample
CCleaner.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
CCleaner.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Microsoft.mshtml.dll
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
Microsoft.mshtml.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral15
Sample
decaptcher.dll
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
decaptcher.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
fbclient.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
fbclient.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral19
Sample
holfix.exe
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
holfix.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
ibprovider.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
ibprovider.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral23
Sample
icudt30.dll
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
icudt30.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
icuin30.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
icuin30.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
icuuc30.dll
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
icuuc30.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral29
Sample
msvcp80.dll
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
msvcp80.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
msvcp90.dll
Resource
win7-20240419-en
Behavioral task
behavioral32
Sample
msvcp90.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
25db368cc7c0308d014ce0397bd7adac_JaffaCakes118
-
Size
3.9MB
-
MD5
25db368cc7c0308d014ce0397bd7adac
-
SHA1
e7f05494b314747a5ddd0bb41c73289623235ba4
-
SHA256
d2623ed0469b4a7a8f9371cb91bad7bb803564bdda76fdcc5972905edb12f8b9
-
SHA512
92758b707791cf297cc0b311d38e503095e1b7769a385202c527c4242d2e2f7561d1af9d5d13f0fd6c9d739aae131d58f3eca3dd12c515d0e9a305ea6de4a8f7
-
SSDEEP
98304:qiO3DcIFRtNXWRaslUWKj1Bl20I+QRFKX9Mle:McQNXCaslUWm2z+msNMle
Score 3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781
-
SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f
-
SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
-
SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
-
SSDEEP
192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score 3/10
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
a401e590877ef6c928d2a97c66157094
-
SHA1
75e24799cf67e789fadcc8b7fddefc72fdc4cd61
-
SHA256
2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
-
SHA512
6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f
-
SSDEEP
48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2
Score 3/10
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
254f13dfd61c5b7d2119eb2550491e1d
-
SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6
-
SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
-
SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
-
SSDEEP
192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10
-
-
Target
CCleaner.exe
-
Size
1.6MB
-
MD5
fdfb209c5a04b7784bb0bb4af7f0b31c
-
SHA1
fe5a7301bcf0593e59265a24e514b756577c30bd
-
SHA256
c565feb2847bf0d116135db188bafe728e889f8f7319f562d7331a2906fd49c7
-
SHA512
76253a95753039ac72bee37e09eba3617330f656b45bee97250de0f4c9b6ab8e3b2353b2256bb07b0c1636bf2f3069a1f99d33063057f3c8e43b13619efb831f
-
SSDEEP
24576:ojfUhykNTubUrgaJu5nuqrnMevWRIRJ1UuFh3zN815tjoiFW:ojfUhxrrJylndvWRIRsazN815tjBFW
-
Checks for any installed AV software in registry
-
-
-
Target
Microsoft.mshtml.dll
-
Size
7.6MB
-
MD5
3bf7213044dd0701e9e03cfed78bb088
-
SHA1
d3329c2d564a678f9425ce6be50b53fab3167359
-
SHA256
04bc62c7c47b6b3aa8ebbd5a776bc0a83c0e5c43ab1886b56560a404c0fcc74c
-
SHA512
faeb4093f430002a7a1eeaf3563e5406087f2becb01d43f36e61250209a6575eeba8fd56f5f5d56cd5da1cbcbbba0044271ed1db465ad6333ab2a958f53658f4
-
SSDEEP
98304:mpkg8hn86iyAB84gPjKVuH62NhND7BMe8Al:mpkg8hn8RStD7BMe8Al
Score 1/10
-
-
Target
decaptcher.dll
-
Size
72KB
-
MD5
05aa12c2665ebd53f9505d0cf9f37b83
-
SHA1
c0e6e0401fe2bcf40251c3d4514c6b3d58b7a4a3
-
SHA256
6903e1192b4a90bd78f4a0853d6d72bc0fa74ce8800946c698a4406a60c2f239
-
SHA512
586ec510204719da09f2d0761a2d8f9aee0dc15252f9340fcb09137650e21354d3d3c025b362c297d0b3439587d65a3c294cbe2359aa9d6ce224c34fa674bcab
-
SSDEEP
1536:6/3nHtECUPHH0sV2gIHFLJtKbHBlnDLL:g3HtECU/DVVUuzBlnDLL
Score 3/10
-
-
Target
fbclient.dll
-
Size
3.6MB
-
MD5
b8e93b77d06fe8acc4438bb88f9ae231
-
SHA1
b7b9116db1aae43a58bb8c0f3a002977e10bf834
-
SHA256
688caa8cecbca2a07baded86c567ec844b39aa3dcd50c136ab8ac4bbee8e99f1
-
SHA512
8e3ccb43d67ec90165b44cf5c14db73394ff8d1ac19548a1bc3fe807d361f0a7b5a8c9bb8ca34545a770795fd5f0a07c373039dbc3c6e15fd385eca263e91d23
-
SSDEEP
24576:CmvmNB5rZMCemDjVHBsyEJAYr3RKFgNtXy26oPjdarC/168Cs6RX1HQ46sWJvaKp:CmgdnHTuj0+qHPv203ymNsqYv3jnB
Score 1/10
-
-
Target
holfix.exe
-
Size
256KB
-
MD5
53f0c95938fdb4b3f0f4814bc8b1b9cc
-
SHA1
08c2a4a3df5381f8f49a5ee2372728400bd24671
-
SHA256
6b3ed396381a68ca58a1f4c73f00b40e2c2f555d031690865a64f26d2c5ed7fb
-
SHA512
2eac3782b5c1e1f45c9492b17910b60f28d2ab69aa7ec1b3e39e3ccf628fe30226c2824309a87d1b84c288b6028b903d3085d01df762ba421c7a5d5a7ddd6f9a
-
SSDEEP
6144:wMWnwQaTtvIa5rD1U8x7Am6OoyFoLp1kvWlp2FN6A5B5dn01:pJQatIerRUAA0o8CTlkFN6Az5dn0
Score 8/10
Drops file in Drivers directory
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
-
-
Target
ibprovider.dll
-
Size
22KB
-
MD5
7c9ff12366ec3cd4228506865b239709
-
SHA1
97846f581197cc21fcce278a83676aaa0096742e
-
SHA256
81c948d694ccd20538284500ae0eb3c3d3c01234012e0df8afc93265048ed3fc
-
SHA512
ef5311c31a0268ab439bedfd8d7109ee4e31c323d683aab4df5b03d00ce5a347163daebdb088a0b627afb296787a510da5bf36c55b6be767f19482c89d7a3f75
-
SSDEEP
384:j83zxzEW+gOvVdBka+J7DRY3BZs7rgzV+5UDPqTT+qdutl/ctSNGx5XORAjHQPy7:Y6NoDWjs7CU+qYnkFORiwPyn7
Score 1/10
-
-
Target
icudt30.dll
-
Size
1.5MB
-
MD5
38bb7cee2aa52930485939771c44ab2a
-
SHA1
dd028b21c611873c28de3e80f04e787250f97219
-
SHA256
8c04f1ab3a07e21e88d678e6742efc69900bacf73b1e18f97b25115d3cb3e4d5
-
SHA512
b8169042f45b7fd08e7aab17a05fe48dca8ffd203d3b841a990d8836da33bcfaf39ee5953706281c4a47148736c5ed1d51956eca6e8efb67af9d137e1dfe7849
-
SSDEEP
24576:KqaX8Bv2axcToy/oH0C/iwESlzJ5uM8H2ZIuNjMSpnhmW8c238uoL/:88BvPy/i0CKwFEvnckB
Score 1/10
-
-
Target
icuin30.dll
-
Size
408KB
-
MD5
68c9f7fee9aec9b9ced22d48e2b92857
-
SHA1
b16cb5ef5d8dff48186005e1d7a72eb0935e086f
-
SHA256
2b4e8d37415dde11775cabdfea78c92d724b0d031a722cfadc524b8245c63c93
-
SHA512
172940d17e8ef7ace4a92b8a44f269017f0b99b4b4953e851ee6396dbb76964dbdb1a2480c21b86b08900f6d2f685378b707eda28311bb988140927ebfe6d074
-
SSDEEP
12288:f8D9DwpzrEUkzU9nteJsbkrE9l0nDYcZ/N4:j2NKybE9l0nR/
Score 3/10
-
-
Target
icuuc30.dll
-
Size
660KB
-
MD5
44f425267038283db1822910679aa32d
-
SHA1
5028fdd93a8e3ea761149ac0d766af207ebedc9d
-
SHA256
a128b8d73f4bc08f0b017789f57a0c20238ff0294361d5ce0233ca75f9eb691a
-
SHA512
918125b249945547d5c263876680867018b9442cd147670c144d6227fe01d1304d5a5305b9d57d24db1eaa4e19dae1a72b0f9f7e32a7bcd4c38b097143b2bd36
-
SSDEEP
12288:rGS0YPmKEK9uxS4TCNfbg4ibCcoInBliDxVPLkQGSWDhap:FmKEKEsnJbg4iFoIBliPLkvph
Score 3/10
-
-
Target
msvcp80.dll
-
Size
536KB
-
MD5
2bc650257fb0867abd54fd460ec2bafc
-
SHA1
ec063526aa14bcadeeffa6d859b39a80680015b7
-
SHA256
9fc2e85ba84cf0459aab0dc2efac734ad7b5b4c99ba19871fe8f6e35d0191838
-
SHA512
903966f1739727d166131b42df6a7cd77d4f734c01437f7d96f18e8cb2c60a8e49bd952452fde8f0d3a92a002d2404ee78b97472821c190b300c594a5525c0a2
-
SSDEEP
12288:BuYZhMltDoD+OSt+ujajk5RnchUgiW6QR7t553Ooc8NHkC2euB:oOhMltDoqvpjajk59g3Ooc8NHkC2eW
Score 1/10
-
-
Target
msvcp90.dll
-
Size
556KB
-
MD5
b2eee3dee31f50e082e9c720a6d7757d
-
SHA1
3322840fef43c92fb55dc31e682d19970daf159d
-
SHA256
4608beedd8cf9c3fc5ab03716b4ab6f01c7b7d65a7c072af04f514ffb0e02d01
-
SHA512
8b1854e80045001e7ab3a978fb4aa1de19a3c9fc206013d7bc43aec919f45e46bb7555f667d9f7d7833ab8baa55c9098af8872006ff277fc364a5e6f99ee25d3
-
SSDEEP
12288:iZ/veMyZ137mSEWT0VkypLvgLehUgiW6QR7t5183Ooc8SHkC2eU8bw:iZSZ13iwJmgLq83Ooc8SHkC2efw
Score 1/10
MITRE ATT&CK Matrix (ATT&CK v13)
Defense Evasion
File and Directory Permissions Modification
2
Windows File and Directory Permissions Modification
1
Modify Registry
1