Overview
overview
10Static
static
30930b4b48c...18.exe
windows7-x64
100930b4b48c...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3begin_pass...1.html
windows7-x64
1begin_pass...1.html
windows10-2004-x64
1policies48...0.html
windows7-x64
1policies48...0.html
windows10-2004-x64
1tweet1845418885.html
windows7-x64
1tweet1845418885.html
windows10-2004-x64
1uninstall.exe
windows7-x64
7uninstall.exe
windows10-2004-x64
7vitamin-c-...t.html
windows7-x64
1vitamin-c-...t.html
windows10-2004-x64
1zoo.html
windows7-x64
1zoo.html
windows10-2004-x64
1Analysis
-
max time kernel
66s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
30-04-2024 06:03
Static task
static1
Behavioral task
behavioral1
Sample
0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
begin_password_reset1850795531.html
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
begin_password_reset1850795531.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
policies484632680.html
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
policies484632680.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
tweet1845418885.html
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
tweet1845418885.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
uninstall.exe
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
uninstall.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
vitamin-c-pink-grapefruit.html
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
vitamin-c-pink-grapefruit.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
zoo.html
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
zoo.html
Resource
win10v2004-20240419-en
General
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3e6bf00b3ac976122f982ae2aadb1c51
-
SHA1
caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
-
SHA256
4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
-
SHA512
1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
-
SSDEEP
192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3068 4516 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 1980 wrote to memory of 4516 1980 rundll32.exe rundll32.exe PID 1980 wrote to memory of 4516 1980 rundll32.exe rundll32.exe PID 1980 wrote to memory of 4516 1980 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 6123⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4516 -ip 45161⤵