Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 20-05-2024 02:07
Tasks
- Static task static1
- Behavioral task behavioral1: Sample 5ca3fdf3bf5727f8362e9586473c0ee8_JaffaCakes118.exe, Resource win7-20240508-en
- Behavioral task behavioral2: Sample 5ca3fdf3bf5727f8362e9586473c0ee8_JaffaCakes118.exe, Resource win10v2004-20240426-en
- Behavioral task behavioral3: Sample $PLUGINSDIR/System.dll, Resource win7-20240221-en
- Behavioral task behavioral4: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240426-en
- Behavioral task behavioral5: Sample $PLUGINSDIR/nsDialogs.dll, Resource win7-20240221-en
- Behavioral task behavioral6: Sample $PLUGINSDIR/nsDialogs.dll, Resource win10v2004-20240508-en
- Behavioral task behavioral7: Sample $TEMP/votary.dll, Resource win7-20240508-en
- Behavioral task behavioral8: Sample $TEMP/votary.dll, Resource win10v2004-20240508-en
General
- Target: $TEMP/votary.dll
- Size: 9KB
- MD5: 3d73e5b3c8b9afda7503fb9f48301046
- SHA1: d96a69633403520e407447719a90478e9f7a74ca
- SHA256: a575479145477d134099eef830bca17080abfa84295550e5d83788fb4a5653e2
- SHA512: 36b11cc95aaa77c3e8c7d3545089d61ef0767c01fcc0e4622025150d8be65d98a394491376a10589554ad370d49e07e36efc42968663841bd018dc29b6766d2b
- SSDEEP: 96:xrIEuKoCgsQyF8BLkgaNLvDrKVKm5EzmjDlxqE58wVAPNFFHURNDdwTUKDvyd:CvHs4LrCLv05EKlxWw8FFmNZus
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (pid | pid_target | process | target process):
  2308 | 1616 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes (description | pid | process | target process):
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 2108 wrote to memory of 1616 | 2108 | rundll32.exe | rundll32.exe
  PID 1616 wrote to memory of 2308 | 1616 | rundll32.exe | WerFault.exe
  PID 1616 wrote to memory of 2308 | 1616 | rundll32.exe | WerFault.exe
  PID 1616 wrote to memory of 2308 | 1616 | rundll32.exe | WerFault.exe
  PID 1616 wrote to memory of 2308 | 1616 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\votary.dll,#1
  PID: 2108
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\votary.dll,#1
    PID: 1616
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 224
      PID: 2308
      Signatures: Program crash