Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 22-05-2024 01:52
Static task: static1

Behavioral task: behavioral1
- Sample: 659710427e8dc1146383c9c94da23799_JaffaCakes118.exe
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 659710427e8dc1146383c9c94da23799_JaffaCakes118.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral3
- Sample: $PLUGINSDIR/ZipDLL.dll
- Resource: win7-20240221-en

Behavioral task: behavioral4
- Sample: $PLUGINSDIR/ZipDLL.dll
- Resource: win10v2004-20240508-en

Behavioral task: behavioral5
- Sample: $PLUGINSDIR/enjrqjq.dll
- Resource: win7-20240220-en

Behavioral task: behavioral6
- Sample: $PLUGINSDIR/enjrqjq.dll
- Resource: win10v2004-20240508-en
General
- Target: $PLUGINSDIR/enjrqjq.dll
- Size: 166KB
- MD5: ce2f5ffc71b5a35226f07eb682ba5dd3
- SHA1: dfa1509cccf6e9888b303390280de472133f7624
- SHA256: 64f78a164b05e72224bcc0335e85aa7761fdaa88e13152318b12540218b0c57a
- SHA512: e81fd262d1650b97f340311740e26d00d07c73704341701e3a306411a2eb490c534925e540660101c789d4c06cb21f18fe8763e244884ec0f2b3e5b7e9f199c0
- SSDEEP: 3072:Gx/uQ61kgMqaVJ/GnurFsNMrdSfj2+TU9slaLC:G/uQ6CgwOur3dS72Ve
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: WerFault.exe
    pid   pid_target  process       target process
    3068  2276        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
    description                        pid   process       target process
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2908 wrote to memory of 2276   2908  rundll32.exe  rundll32.exe
    PID 2276 wrote to memory of 3068   2276  rundll32.exe  WerFault.exe
    PID 2276 wrote to memory of 3068   2276  rundll32.exe  WerFault.exe
    PID 2276 wrote to memory of 3068   2276  rundll32.exe  WerFault.exe
    PID 2276 wrote to memory of 3068   2276  rundll32.exe  WerFault.exe
Processes (process tree, nesting shows parent/child)
- [1] C:\Windows\system32\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\enjrqjq.dll,#1
      - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\enjrqjq.dll,#1
        - Suspicious use of WriteProcessMemory
    - [3] C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 220
          - Program crash