Overview
Analysis
- max time kernel: 139s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-05-2024 02:07
Tasks
- static1 (static task)
- behavioral1: sample 5ca3fdf3bf5727f8362e9586473c0ee8_JaffaCakes118.exe, resource win7-20240508-en
- behavioral2: sample 5ca3fdf3bf5727f8362e9586473c0ee8_JaffaCakes118.exe, resource win10v2004-20240426-en
- behavioral3: sample $PLUGINSDIR/System.dll, resource win7-20240221-en
- behavioral4: sample $PLUGINSDIR/System.dll, resource win10v2004-20240426-en
- behavioral5: sample $PLUGINSDIR/nsDialogs.dll, resource win7-20240221-en
- behavioral6: sample $PLUGINSDIR/nsDialogs.dll, resource win10v2004-20240508-en
- behavioral7: sample $TEMP/votary.dll, resource win7-20240508-en
- behavioral8: sample $TEMP/votary.dll, resource win10v2004-20240508-en
General
- Target: $TEMP/votary.dll
- Size: 9KB
- MD5: 3d73e5b3c8b9afda7503fb9f48301046
- SHA1: d96a69633403520e407447719a90478e9f7a74ca
- SHA256: a575479145477d134099eef830bca17080abfa84295550e5d83788fb4a5653e2
- SHA512: 36b11cc95aaa77c3e8c7d3545089d61ef0767c01fcc0e4622025150d8be65d98a394491376a10589554ad370d49e07e36efc42968663841bd018dc29b6766d2b
- SSDEEP: 96:xrIEuKoCgsQyF8BLkgaNLvDrKVKm5EzmjDlxqE58wVAPNFFHURNDdwTUKDvyd:CvHs4LrCLv05EKlxWw8FFmNZus
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: WerFault.exe (PID 1180), target process rundll32.exe (PID 1072)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe (PID 2236) wrote to memory of rundll32.exe (PID 1072); the same entry is recorded three times
Processes
- C:\Windows\system32\rundll32.exe (PID 2236)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\votary.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1072)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\votary.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 1180)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 612
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 404)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1072 -ip 1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 748)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3608,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8