Analysis

- max time kernel: 142s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-05-2024 19:47
Static task
- static1

Behavioral tasks (sample on resource)
- behavioral1: 3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118.exe on win7-20240220-en
- behavioral2: 3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118.exe on win10v2004-20240508-en
- behavioral3: $PLUGINSDIR/System.dll on win7-20240220-en
- behavioral4: $PLUGINSDIR/System.dll on win10v2004-20240508-en
- behavioral5: CDRom.dll on win7-20240508-en
- behavioral6: CDRom.dll on win10v2004-20240226-en

The report below is the behavioral6 run (target CDRom.dll on win10v2004-20240226-en). `$PLUGINSDIR` is the NSIS installer's plugin directory and System.dll is the stock NSIS System plugin, so the parent executable is an NSIS-built installer and the two DLLs are sub-samples extracted from it.
General

- Target: CDRom.dll
- Size: 26KB
- MD5: f65d5bc68f1fb11619ba6b464913dce2
- SHA1: b67b2d285b64209eaa6a7011f244992f39509d22
- SHA256: 7b342d996d54d971e4910d0a53e7b120a926c01a3fd173d98bf00e8d52e32af4
- SHA512: 331eeabf497202aff3dcf1c8c9545b9ee60a6f02c3cb13cd827410a9b0fa63f2c29896db2ab50c06abef8a31169490dc487021ecd4c3ba51acc011af61f2e769
- SSDEEP: 384:D8D4FgaKCyBSjGSW2N41Un+K/BUtLFnD+WagQ7Fs9tJOtB6udDSJHXw:DPerCyy3C1U+KQLFnD+LFO+tB6kN
Malware Config
Signatures
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2760  4740        WerFault.exe  rundll32.exe

PID 2760 is the WerFault.exe instance reporting on PID 4740 (-p 4740 on its command line), so the fault occurred inside the 32-bit rundll32.exe host while export #1 of CDRom.dll was running. If CDRom.dll is an NSIS plugin like the System.dll listed beside it (the page gives no path for it, so this is an inference), a crash under rundll32 is expected rather than informative: NSIS plugin exports take the installer's variable block and stack pointer as parameters, which rundll32 does not supply, so the crash says nothing about what the DLL does when its own installer calls it.

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process       target process
  PID 4076 wrote to memory of 4740  4076  rundll32.exe  rundll32.exe
  PID 4076 wrote to memory of 4740  4076  rundll32.exe  rundll32.exe
  PID 4076 wrote to memory of 4740  4076  rundll32.exe  rundll32.exe

Read against the process tree, PID 4076 is the 64-bit C:\Windows\system32\rundll32.exe and PID 4740 is the 32-bit C:\Windows\SysWOW64\rundll32.exe it launched with the identical command line (CDRom.dll,#1). A 64-bit rundll32 handed a 32-bit DLL re-launches the SysWOW64 copy to host it, and the writes into the child happen while that child is being set up. This is rundll32's normal WoW64 hand-off, not injection into an unrelated process; the signature is a generic heuristic and is not evidence of malicious behaviour on its own.
Processes

- C:\Windows\system32\rundll32.exe (PID 4076)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CDRom.dll,#1
  [Suspicious use of WriteProcessMemory]
  - C:\Windows\SysWOW64\rundll32.exe (PID 4740)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\CDRom.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 2760)
      C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 568
      [Program crash]
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4740 -ip 4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Each top-level entry is a separate tree root; PIDs are taken from the signature tables above. The second WerFault.exe handles the same crashed process (-p 4740 -ip 4740) but was started outside the sample's tree, and the Edge utility process is sandbox background activity with no parent in the sample's tree; neither was spawned by rundll32.
Network
MITRE ATT&CK Matrix
Downloads

- memory/4740-0-0x000000006C980000-0x000000006C98F000-memory.dmp (60KB): a memory region of the 32-bit rundll32.exe host (PID 4740) covering 0x6C980000-0x6C98F000, i.e. 0xF000 bytes = 60KB. The 32-bit address and a size larger than the 26KB file on disk (a loaded PE is padded out to its section alignment) are consistent with this being the in-memory image of CDRom.dll as mapped into the crashed host, although the page does not state which module the region belongs to.
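To make the reading of the signatures, process tree and dump name mechanical, the following added example (not code from the sandbox vendor or from the sample) classifies each WriteProcessMemory pair as either rundll32's WoW64 relaunch or a genuine cross-process write, ties each WerFault.exe instance to the PID it reports on, and decodes the `<pid>-<n>-<start>-<end>-memory.dmp` file name. The process records, PIDs and command lines are constructed to mirror this report's tables; the system32/SysWOW64 path check and the "same DLL and export" rule are the author's own assumptions about what counts as a relaunch.

```python
"""Triage helper for the signatures and process tree of a sandbox report.

Added example for this page; not code from the sandbox vendor or the sample.
The records below are constructed to mirror the report's tables (PIDs 4076,
4740, 2760 and their rundll32/WerFault command lines).
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str    # full path of the executable, as logged
    cmdline: str  # command line, as logged


@dataclass(frozen=True)
class WriteEvent:
    pid: int         # process that called WriteProcessMemory
    target_pid: int  # process whose memory was written


# Constructed from the report: both rundll32 hosts and the first WerFault.
DLL_CMD = r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\CDRom.dll,#1"
PROCS = {
    4076: Proc(4076, r"C:\Windows\system32\rundll32.exe", DLL_CMD),
    4740: Proc(4740, r"C:\Windows\SysWOW64\rundll32.exe", DLL_CMD),
    2760: Proc(2760, r"C:\Windows\SysWOW64\WerFault.exe",
               r"C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 568"),
}
WRITES = [WriteEvent(4076, 4740)] * 3  # the signature lists this pair three times

_RUNDLL_RE = re.compile(
    r'^\s*"?(?P<exe>[^"\s]*rundll32\.exe)"?\s+"?(?P<dll>[^",]+?)"?,'
    r"(?P<export>#?\w+)(?:\s.*)?$", re.IGNORECASE)
_WER_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?=\s|$)")
_DUMP_RE = re.compile(
    r"^(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.IGNORECASE)


def rundll32_target(cmdline):
    """(dll path, export) named on a rundll32 command line, lower-cased, or None."""
    m = _RUNDLL_RE.match(cmdline)
    return (m.group("dll").lower(), m.group("export").lower()) if m else None


def _rundll32_in(image, folder):
    """True when `image` is rundll32.exe located in `folder` (case-insensitive)."""
    head, tail = ntpath.split(image)
    return tail.lower() == "rundll32.exe" and head.lower() == folder.lower()


def classify_write(ev, procs):
    """Label one WriteProcessMemory event.

    wow64-relaunch: 64-bit rundll32 (system32) spawned the 32-bit copy (SysWOW64)
      with the same DLL and export; the parent writes into the child while setting
      it up. Assumption: that is rundll32's hand-off, not injection.
    cross-process-write: anything else, i.e. review it.
    unknown-process: one of the PIDs is missing from the process list.
    """
    src, dst = procs.get(ev.pid), procs.get(ev.target_pid)
    if src is None or dst is None:
        return "unknown-process"
    same_target = (rundll32_target(src.cmdline) is not None
                   and rundll32_target(src.cmdline) == rundll32_target(dst.cmdline))
    if (_rundll32_in(src.image, r"C:\Windows\system32")
            and _rundll32_in(dst.image, r"C:\Windows\SysWOW64") and same_target):
        return "wow64-relaunch"
    return "cross-process-write"


def werfault_target_pid(cmdline):
    """PID that WerFault.exe was started to report on (its -p argument), or None."""
    m = _WER_PID_RE.search(cmdline)
    return int(m.group(1)) if m else None


def crash_summary(procs):
    """One (werfault pid, crashed pid, crashed image, rundll32 target) per WerFault."""
    rows = []
    for p in procs.values():
        if ntpath.basename(p.image).lower() != "werfault.exe":
            continue
        tpid = werfault_target_pid(p.cmdline)
        victim = procs.get(tpid)
        rows.append((p.pid, tpid, victim.image if victim else None,
                     rundll32_target(victim.cmdline) if victim else None))
    return rows


def dump_region(name):
    """Decode '<pid>-<n>-<start>-<end>-memory.dmp' into (pid, start, end, size)."""
    m = _DUMP_RE.match(ntpath.basename(name))
    if not m:
        return None
    pid, start, end = int(m.group(1)), int(m.group(3), 16), int(m.group(4), 16)
    return pid, start, end, end - start


if __name__ == "__main__":
    for ev in WRITES:
        print(f"{ev.pid} -> {ev.target_pid}: {classify_write(ev, PROCS)}")
    print("crashes:", crash_summary(PROCS))
    print("dump:", dump_region("memory/4740-0-0x000000006C980000-0x000000006C98F000-memory.dmp"))
```

Run as-is it labels all three writes `wow64-relaunch`, attributes the WerFault to PID 4740 running `CDRom.dll,#1` in the SysWOW64 host, and reports the dump as 0xF000 bytes. Any pair where the writer is not the system32 rundll32.exe, or where the two command lines name different DLLs or exports, falls through to `cross-process-write` and deserves a real look.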