Overview (overview): 7
Static (static): 7
6fa81db22b...18.exe (windows7-x64): 7
6fa81db22b...18.exe (windows10-2004-x64): 7
$PLUGINSDI...rb.dll (windows7-x64): 3
$PLUGINSDI...rb.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDIR/UAC.dll (windows7-x64): 3
$PLUGINSDIR/UAC.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$PLUGINSDI...la.rtf (windows7-x64): 4
$PLUGINSDI...la.rtf (windows10-2004-x64): 1
$PLUGINSDI...ay.dll (windows7-x64): 7
$PLUGINSDI...ay.dll (windows10-2004-x64): 7
$PLUGINSDI...gs.dll (windows7-x64): 3
$PLUGINSDI...gs.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3
$PLUGINSDI...ML.dll (windows7-x64): 3
$PLUGINSDI...ML.dll (windows10-2004-x64): 3
$PLUGINSDI...ry.dll (windows7-x64): 3
$PLUGINSDI...ry.dll (windows10-2004-x64): 3
$R1/$_1_/U...ll.exe (windows7-x64): 7
$R1/$_1_/U...ll.exe (windows10-2004-x64): 7
$PLUGINSDI...ID.dll (windows7-x64): 3
$PLUGINSDI...ID.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDIR/UAC.dll (windows7-x64): 3
$PLUGINSDIR/UAC.dll (windows10-2004-x64): 3
Analysis
max time kernel: 140s
max time network: 116s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 24-05-2024 19:53
Behavioral task
behavioral1
Sample
6fa81db22bd5ee38e6c36415038887a2_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6fa81db22bd5ee38e6c36415038887a2_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InvokeShellVerb.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InvokeShellVerb.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/MoreInfo.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/MoreInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/ask_eula.rtf
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/ask_eula.rtf
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsArray.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsArray.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsisXML.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsisXML.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/registry.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/registry.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
$R1/$_1_/Uninstall.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$R1/$_1_/Uninstall.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/ApplicationID.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/ApplicationID.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240508-en
General
Target: $PLUGINSDIR/ApplicationID.dll
Size: 52KB
MD5: b5d63240d145cef5a226a757bcb9cfa4
SHA1: 043e7d43b74a71bb1f7ea7a8cccf2150879babe8
SHA256: 096e40b3fd5803f323660b2687946d4d6ad004e84b27ab67d4f60707358ee375
SHA512: c67f4bebdb906cb30b9cbac02a3ca3d06d74d0a4d9f580873242059a7102b278dba2af7b4bbcb728b3dcc40396d56e5bc9aa68485b3657465e173a54666fa1ae
SSDEEP: 384:Gubd5EUwI12n3t7LgbpbnGRemovGQLRQnM7zvnPjRFgiNrTU77eu7Ix1xPW+hLWD:/bd5EUMtgbnmMG0vvPZ5ki6YPW+hTL
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1636 | 1524 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3284 wrote to memory of 1524 | 3284 | rundll32.exe | rundll32.exe
PID 3284 wrote to memory of 1524 | 3284 | rundll32.exe | rundll32.exe
PID 3284 wrote to memory of 1524 | 3284 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ApplicationID.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ApplicationID.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 612
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1524 -ip 1524