Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 04-04-2024 10:35
Static task static1
Behavioral task behavioral1: sample b610b5c669611fbb55ed5965a8cd0c10_JaffaCakes118.exe, resource win7-20240221-en
Behavioral task behavioral2: sample b610b5c669611fbb55ed5965a8cd0c10_JaffaCakes118.exe, resource win10v2004-20240226-en
Behavioral task behavioral3: sample $PLUGINSDIR/rznjhun.dll, resource win7-20240221-en
Behavioral task behavioral4: sample $PLUGINSDIR/rznjhun.dll, resource win10v2004-20240226-en
General
Target: $PLUGINSDIR/rznjhun.dll
Size: 32KB
MD5: 49e3e63ae4d93b065720946ee9cfb161
SHA1: 35634d8953dc28f7d5f9712e0f9839142f142a59
SHA256: 7df0582dfc9b39225e3f5db2c9d707f392fa0cf96c440388bc97f792de260563
SHA512: 30a3171524548d60451ecc6e8f6c95315d7e60d4a69e54071e7ef54a916ab4e59ab4d02d5eddf12073ebffc8fc8127eedf133f787ffcb0e8e0f30f9bf699c1d6
SSDEEP: 384:Do2cnM5TGPOd/sWmfCc89ZpfUXBvqGz7z73pp/rgU/r0tTd/eWU9B3nfKAOBjn/7:02vHjphGX/rgUD0tx/Y3nSz9b
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  process       target process
  3056  1912        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  7 events: PID 3012 (rundll32.exe) wrote to memory of PID 1912 (rundll32.exe)
  4 events: PID 1912 (rundll32.exe) wrote to memory of PID 3056 (WerFault.exe)
Processes
C:\Windows\system32\rundll32.exe (PID 3012)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\rznjhun.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 1912, child of 3012)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\rznjhun.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe (PID 3056, child of 1912)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 264
      - Program crash
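Reading the tree and the two signature tables together: the 64-bit rundll32 in system32 re-launched the 32-bit rundll32 in SysWOW64 with the same DLL and the same entry point (ordinal #1), which is how rundll32 handles a 32-bit DLL on x64 Windows, so the plugin's code actually ran in PID 1912. Both WriteProcessMemory pairs are a parent writing into a child it had just created (3012 into 1912, 1912 into 3056); that is what process creation does and it is a much weaker signal than a write into an unrelated process. WerFault's -p switch carries the PID of the faulting process, so the crash is in the 32-bit rundll32 hosting rznjhun.dll. The script below is an added example for this page, not tooling from the sandbox; it correlates exactly those three facts. The process records and write events are constructed by hand from the tables above, the parent links are reconstructed from the tree indentation, and all function names are my own.

```python
"""Correlate a sandbox process tree, WriteProcessMemory events and a WerFault
invocation into one crash/injection summary (added example, not sandbox code)."""
import re
from collections import Counter

# Constructed from the process tree above; ppid is inferred from indentation.
PROCESSES = [
    {"pid": 3012, "ppid": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\rznjhun.dll,#1"},
    {"pid": 1912, "ppid": 3012, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\rznjhun.dll,#1"},
    {"pid": 3056, "ppid": 1912, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 264"},
]

# Constructed from the WriteProcessMemory table: (source pid, target pid), one per event.
WRITE_EVENTS = [(3012, 1912)] * 7 + [(1912, 3056)] * 4


def parse_rundll32_cmdline(cmdline):
    """Return (dll_path, entry) from a rundll32 command line. rundll32 splits its
    argument at the comma; '#N' after it selects export ordinal N."""
    _, _, arg = cmdline.strip().partition(" ")
    dll, _, entry = arg.strip().partition(",")
    return dll, entry


def parse_werfault_cmdline(cmdline):
    """Extract the crashed PID from a WerFault.exe command line. -p is the PID of
    the faulting process; -s is an internal event value, kept but not interpreted."""
    pid = re.search(r"-p\s+(\d+)", cmdline)
    sval = re.search(r"-s\s+(\d+)", cmdline)
    if not pid:
        return None
    return {"crashed_pid": int(pid.group(1)),
            "s_value": int(sval.group(1)) if sval else None}


def classify_writes(write_events, processes):
    """Count writes per (source, target) pair and label them. A parent writing
    into its own child is what CreateProcess does on every launch (process
    parameters go into the new child); a write into any other process is the
    pattern worth escalating as injection."""
    parent_of = {p["pid"]: p["ppid"] for p in processes}
    result = {}
    for (src, dst), n in Counter(write_events).items():
        kind = "parent_to_child" if parent_of.get(dst) == src else "cross_process"
        result[(src, dst)] = {"count": n, "kind": kind}
    return result


def detect_wow64_relaunch(processes):
    """Find a system32 (64-bit) rundll32 that spawned a SysWOW64 (32-bit) rundll32
    for the same DLL and entry: the child, not the parent, is where the DLL ran."""
    by_pid = {p["pid"]: p for p in processes}
    hits = []
    for p in processes:
        parent = by_pid.get(p["ppid"])
        if parent is None:
            continue
        if (p["image"].lower().endswith(r"\syswow64\rundll32.exe")
                and parent["image"].lower().endswith(r"\system32\rundll32.exe")
                and parse_rundll32_cmdline(p["cmdline"]) == parse_rundll32_cmdline(parent["cmdline"])):
            hits.append((parent["pid"], p["pid"]))
    return hits


def summarize(processes, write_events):
    """Tie the WerFault -p value back to the crashed process and the DLL/entry it
    was hosting, and attach the classified writes and any WoW64 relaunch."""
    by_pid = {p["pid"]: p for p in processes}
    crash = None
    for p in processes:
        if not p["image"].lower().endswith(r"\werfault.exe"):
            continue
        info = parse_werfault_cmdline(p["cmdline"])
        if info is None:
            continue
        victim = by_pid.get(info["crashed_pid"])
        dll, entry = parse_rundll32_cmdline(victim["cmdline"]) if victim else (None, None)
        crash = {"reporter_pid": p["pid"], "crashed_pid": info["crashed_pid"],
                 "crashed_image": victim["image"] if victim else None,
                 "dll": dll, "entry": entry}
    return {"crash": crash,
            "writes": classify_writes(write_events, processes),
            "wow64_relaunch": detect_wow64_relaunch(processes)}


if __name__ == "__main__":
    import pprint
    pprint.pprint(summarize(PROCESSES, WRITE_EVENTS))
```

On the report above this yields a crash in PID 1912 (the SysWOW64 rundll32) hosting rznjhun.dll ordinal #1, both write pairs labelled parent_to_child, and one WoW64 relaunch 3012 -> 1912. Feeding it a write pair that is not parent-to-child is what should raise the alert; the same parsing applies to WerFault lines pulled from Sysmon event ID 1 or EDR telemetry, where the -p value is the quickest link from a crash report back to the faulting process.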