Overview
overview
9Static
static
7342b6eafbc...18.exe
windows7-x64
7342b6eafbc...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...on.dll
windows7-x64
7$PLUGINSDI...on.dll
windows10-2004-x64
7DriverAssist.exe
windows7-x64
9DriverAssist.exe
windows10-2004-x64
9Analysis
-
max time kernel
124s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
11-05-2024 10:42
Behavioral task
behavioral1
Sample
342b6eafbc9f18889a492925a33a2cc5_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
342b6eafbc9f18889a492925a33a2cc5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/version.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/version.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
DriverAssist.exe
Resource
win7-20240508-en
General
-
Target
$PLUGINSDIR/nsisdl.dll
-
Size
15KB
-
MD5
5fadae311a0c96a8314f463520a08bf3
-
SHA1
7c4445bd00985050546b473f1892e5e917fbb058
-
SHA256
93d03b5b15484e37315f3f0bb1d60a38e666fe714a9a0a28f831f6228c587562
-
SHA512
045d1bbf9802b204354757c94d0b90fc3b9f490dc3d68b12ec0fc83e127c3544c123df3cabb9a4285742d38fa9bcfaf376c800ba3cbbfd84ac624dc89a1dc4b9
-
SSDEEP
384:dhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUOb:dhyd8Y67WGg8B/Eie
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1008 436 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4176 wrote to memory of 436 4176 rundll32.exe rundll32.exe PID 4176 wrote to memory of 436 4176 rundll32.exe rundll32.exe PID 4176 wrote to memory of 436 4176 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisdl.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4176 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisdl.dll,#12⤵PID:436
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 6283⤵
- Program crash
PID:1008
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 436 -ip 4361⤵PID:3224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4168,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:81⤵PID:3328