Analysis
- max time kernel: 117s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28-03-2024 07:10
Static task: static1

Behavioral task: behavioral1
- Sample: 0031a23b4bb6abcdccc5f8122de5fcb5_JaffaCakes118.exe
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: 0031a23b4bb6abcdccc5f8122de5fcb5_JaffaCakes118.exe
- Resource: win10v2004-20240226-en

Behavioral task: behavioral3
- Sample: $PLUGINSDIR/dulsmde.dll
- Resource: win7-20240221-en

Behavioral task: behavioral4
- Sample: $PLUGINSDIR/dulsmde.dll
- Resource: win10v2004-20240226-en
General
- Target: $PLUGINSDIR/dulsmde.dll
- Size: 105KB
- MD5: 9dcfa8231f1896ca0d48d53fb116841d
- SHA1: 13f92a4af7931b2aabd918d6d3cf4589e316331b
- SHA256: 6e1d37a9909f1774db945f4427800e4d0b821fdca41598f12dba41b59fa3c901
- SHA512: 75d3a9ff265971c659444bd13fc28f90a77e0ce709a34a6c46f9ec75fd7f337df5dbf5ec74b4129890b4b724e40aa10863f6d8d7e74a747ce7c5311f97513d09
- SSDEEP: 1536:MOFgGAexpLuHJsu05OpmubCPMG9zpEENfuJSPRHKarriUCy3WklS9ncobUfs/MdL:hFgGA8uq9Bn1bJCyxlSrbMdyqWU
Malware Config
(none extracted)

Signatures
- Program crash (1 IoC)
  Processes:
  process      pid   target pid   target process
  WerFault.exe 2024  2692         rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  description                          pid   process       target process   count
  PID 2484 wrote to memory of 2692     2484  rundll32.exe  rundll32.exe     7
  PID 2692 wrote to memory of 2024     2692  rundll32.exe  WerFault.exe     4
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\dulsmde.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\dulsmde.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe (depth 3)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 272
      - Program crash