Overview
overview
7Static
static
77294e29167...18.exe
windows7-x64
77294e29167...18.exe
windows10-2004-x64
7$COMMONFIL...WT.dll
windows7-x64
1$COMMONFIL...WT.dll
windows10-2004-x64
1$COMMONFIL...st.dll
windows7-x64
1$COMMONFIL...st.dll
windows10-2004-x64
3$COMMONFIL...WT.dll
windows7-x64
1$COMMONFIL...WT.dll
windows10-2004-x64
1$COMMONFIL...ib.dll
windows7-x64
3$COMMONFIL...ib.dll
windows10-2004-x64
3$COMMONFIL...rl.dll
windows7-x64
1$COMMONFIL...rl.dll
windows10-2004-x64
3$COMMONFIL...lu.dll
windows7-x64
1$COMMONFIL...lu.dll
windows10-2004-x64
1$COMMONFIL...lu.dll
windows7-x64
1$COMMONFIL...lu.dll
windows10-2004-x64
3$COMMONFIL...2u.dll
windows7-x64
1$COMMONFIL...2u.dll
windows10-2004-x64
1$COMMONFIL...pt.dll
windows7-x64
1$COMMONFIL...pt.dll
windows10-2004-x64
1$PLUGINSDI...on.dll
windows7-x64
7$PLUGINSDI...on.dll
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...il.dll
windows7-x64
3$PLUGINSDI...il.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
25-05-2024 16:35
Behavioral task
behavioral1
Sample
7294e29167cf8ea40ec76fd33a174a43_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
7294e29167cf8ea40ec76fd33a174a43_JaffaCakes118.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$COMMONFILES/nProtect Shared/Engine/BWT.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$COMMONFILES/nProtect Shared/Engine/BWT.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$COMMONFILES/nProtect Shared/Engine/BwtTrust.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$COMMONFILES/nProtect Shared/Engine/BwtTrust.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$COMMONFILES/nProtect Shared/Engine/NpBWT.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
$COMMONFILES/nProtect Shared/Engine/NpBWT.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$COMMONFILES/nProtect Shared/Engine/NpHttpsLib.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
$COMMONFILES/nProtect Shared/Engine/NpHttpsLib.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$COMMONFILES/nProtect Shared/Engine/TeCtrl.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
$COMMONFILES/nProtect Shared/Engine/TeCtrl.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$COMMONFILES/nProtect Shared/Engine/TeCtrlu.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral14
Sample
$COMMONFILES/nProtect Shared/Engine/TeCtrlu.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$COMMONFILES/nProtect Shared/Engine/TySUtilu.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
$COMMONFILES/nProtect Shared/Engine/TySUtilu.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$COMMONFILES/nProtect Shared/Engine/tyav32u.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral18
Sample
$COMMONFILES/nProtect Shared/Engine/tyav32u.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$COMMONFILES/nProtect Shared/Engine/tyavexcept.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
$COMMONFILES/nProtect Shared/Engine/tyavexcept.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/npeNSISUtil.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/npeNSISUtil.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/npeNSISUtil.dll
-
Size
289KB
-
MD5
e207be5269902adf36bb328174b41985
-
SHA1
b2db8406290b7d89320e660e9b07c3de444cdede
-
SHA256
c60d65fbfab309f8dbbbdef8735f52e77166394ed919302f537f4406073428fd
-
SHA512
359f9741f62294b175d2261e34b581a522b59dc4b28470d2dc7351ce16af54f02a5069eca2b9f15f4f79c3fcdf3f3fff9231cbaa00eb935a1ebc6d10bbe2c151
-
SSDEEP
3072:fScXRqUMRrNsD29MXew44JYjIU3rKixkJO/pjaS7odPrBxUBnhfxf2uKfsbGuJgn:f83Mm4IaxOhwuKnuJgS6IUxXY+jKat
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2248 2380 WerFault.exe 28 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2376 wrote to memory of 2380 2376 rundll32.exe 28 PID 2380 wrote to memory of 2248 2380 rundll32.exe 29 PID 2380 wrote to memory of 2248 2380 rundll32.exe 29 PID 2380 wrote to memory of 2248 2380 rundll32.exe 29 PID 2380 wrote to memory of 2248 2380 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\npeNSISUtil.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2376 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\npeNSISUtil.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 2483⤵
- Program crash
PID:2248
-
-