Analysis
- max time kernel: 51s
- max time network: 52s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-06-2024 18:30
Static task static1
Behavioral task behavioral1: sample 9f258f64d41791320ef3291f119d3589_JaffaCakes118.exe, resource win7-20240220-en
Behavioral task behavioral2: sample 9f258f64d41791320ef3291f119d3589_JaffaCakes118.exe, resource win10v2004-20240508-en
Behavioral task behavioral3: sample $PLUGINSDIR/ZipDLL.dll, resource win7-20240221-en
Behavioral task behavioral4: sample $PLUGINSDIR/ZipDLL.dll, resource win10v2004-20240508-en
Behavioral task behavioral5: sample $PLUGINSDIR/fflygad.dll, resource win7-20240220-en
Behavioral task behavioral6: sample $PLUGINSDIR/fflygad.dll, resource win10v2004-20240508-en
General
- Target: $PLUGINSDIR/fflygad.dll
- Size: 170KB
- MD5: 530f95fe67c0c7bed4c7ded4cf06a28e
- SHA1: 1d9c908c98e0f1c4a0b5b53bbe010e4b7da98531
- SHA256: 24933c36862dae3b56dc20205ff9e2985174078bf98ea1c6d4e31ae727608f55
- SHA512: c52b9d864413ac4108b6769dc397cf005ac97e2b7c628aec8e2762c652397b64f81c846de26a4af9231ab60f94a06fb765ad0846f304697c8e7670cbeaba296e
- SSDEEP: 3072:GN0ZUeRbV3oa22aGTwldKK/+vJwOzCClZAj:e0ZjRZ4zlL/L6TA
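To check a file on disk or from a feed against the digests listed above, the following is an added Python example; it is not part of the sandbox report. It hard-codes the four hashes from the General section, computes all of them in one pass over the file, and treats only SHA-256 or SHA-512 as decisive, since MD5 and SHA-1 collisions are cheap to craft. ssdeep is left out because it is a fuzzy hash compared by similarity, not equality, and needs a third-party library. The `hash_file` path argument and the command-line usage are assumptions for illustration.

```python
import hashlib
import sys

# Digests of $PLUGINSDIR/fflygad.dll as listed in the report's General section.
# ssdeep is omitted: it is a fuzzy hash compared by similarity, not equality,
# and needs a third-party library.
FFLYGAD_IOCS = {
    "md5": "530f95fe67c0c7bed4c7ded4cf06a28e",
    "sha1": "1d9c908c98e0f1c4a0b5b53bbe010e4b7da98531",
    "sha256": "24933c36862dae3b56dc20205ff9e2985174078bf98ea1c6d4e31ae727608f55",
    "sha512": "c52b9d864413ac4108b6769dc397cf005ac97e2b7c628aec8e2762c652397b64f81c846de26a4af9231ab60f94a06fb765ad0846f304697c8e7670cbeaba296e",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_chunks(chunks):
    """Feed an iterable of byte chunks through all four hashers in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory blob (e.g. a sample pulled from a feed)."""
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream a file from disk so large samples are not read into memory at once."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""))


def match_iocs(hashes, iocs=FFLYGAD_IOCS):
    """Per-algorithm match status, so a lone MD5 or SHA-1 hit is visible as such."""
    return {name: hashes.get(name, "").lower() == digest.lower() for name, digest in iocs.items()}


def is_known_sample(hashes, iocs=FFLYGAD_IOCS):
    """Only SHA-256 or SHA-512 decides; a file matching MD5/SHA-1 alone is
    reported by match_iocs but not accepted as the reported sample."""
    status = match_iocs(hashes, iocs)
    return bool(status.get("sha256") or status.get("sha512"))


if __name__ == "__main__":
    # Assumed usage: python check_hashes.py <path-to-file>
    digests = hash_file(sys.argv[1])
    for name, ok in match_iocs(digests).items():
        print(f"{name:6} {digests[name]}  {'MATCH' if ok else 'differs'}")
    print("known sample" if is_known_sample(digests) else "not the reported sample")
```

A per-algorithm result is deliberately returned rather than a single boolean: a file whose MD5 and SHA-1 agree with the report but whose SHA-256 does not is worth a second look, not a silent pass or fail.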
Malware Config
Signatures
- Program crash (1 IoC)
Processes:
  pid  pid_target  process       target process
  672  4944        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process       target process
  PID 4508 wrote to memory of 4944  4508  rundll32.exe  rundll32.exe
  PID 4508 wrote to memory of 4944  4508  rundll32.exe  rundll32.exe
  PID 4508 wrote to memory of 4944  4508  rundll32.exe  rundll32.exe
Both signatures need context before they are read as malicious behaviour. The writer, PID 4508, is the 64-bit C:\Windows\system32\rundll32.exe and its target, PID 4944, is the 32-bit C:\Windows\SysWOW64\rundll32.exe it launched with the same command line; that relaunch is what rundll32 does when handed a 32-bit DLL, and a parent writing into a child it has just created is consistent with ordinary process start-up rather than injection. The crash is likely an artifact of the harness as well: the DLL sits in $PLUGINSDIR, the directory NSIS installers extract their plugins into, and NSIS plugin exports expect the installer's stack and variable block as arguments, not the (HWND, HINSTANCE, LPSTR, int) set that rundll32 passes when it calls the export as ,#1. A crash under rundll32 therefore shows little about what the DLL does when its installer calls it.
Processes
- C:\Windows\system32\rundll32.exe (PID 4508)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fflygad.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 4944)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fflygad.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 672)
      C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 600
      Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 3084)
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4944 -ip 4944
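The process tree above is the kind of data a detection runs over. As an added Python example (not part of the report), the block below rebuilds the tree as constructed process-creation events, pulls the DLL path and export out of each rundll32 command line, flags loads from a user's AppData\Local\Temp directory, and ties each WerFault -p target back to the flagged process so the crash is attributed per process. The event field names, the pid 0 placeholder for a parent the report does not show, and the temp-path heuristic are assumptions.

```python
import re

# Constructed process-creation events mirroring the report's process tree
# (not sandbox output). ppid 0 marks a parent the report does not show.
EVENTS = [
    {"pid": 4508, "ppid": 0, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fflygad.dll,#1"},
    {"pid": 4944, "ppid": 4508, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fflygad.dll,#1"},
    {"pid": 672, "ppid": 4944, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 600"},
    {"pid": 3084, "ppid": 0, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4944 -ip 4944"},
]

# rundll32 <dll>,<export>: the DLL may be quoted, the export a name or #ordinal.
RUNDLL32_RE = re.compile(
    r'(?i)^(?:"[^"]*rundll32\.exe"|\S*rundll32(?:\.exe)?)\s+"?([^",]+?)"?\s*,\s*(\S+)')
# Per-user temp directory, where installers (and droppers) unpack payloads.
USER_TEMP_RE = re.compile(r'(?i)\\users\\[^\\]+\\appdata\\local\\temp\\')
# WerFault's "-p <pid>" names the process being handled; "-pss" must not match.
WERFAULT_PID_RE = re.compile(r'(?i)(?:^|\s)-p\s+(\d+)')


def rundll32_dll_arg(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL32_RE.match(cmdline.strip())
    return (m.group(1), m.group(2)) if m else None


def is_user_temp_path(path):
    """Heuristic (assumption): DLLs loaded from %LOCALAPPDATA%\\Temp deserve a look."""
    return USER_TEMP_RE.search(path) is not None


def werfault_target(event):
    """PID that a WerFault.exe invocation is handling, else None."""
    if not event["image"].lower().endswith("werfault.exe"):
        return None
    m = WERFAULT_PID_RE.search(event["cmdline"])
    return int(m.group(1)) if m else None


def analyze(events):
    """Flag rundll32 loads from a user temp path and join them to WerFault crashes."""
    by_pid = {e["pid"]: e for e in events}
    crashed = {t for t in (werfault_target(e) for e in events) if t is not None}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("rundll32.exe"):
            continue
        arg = rundll32_dll_arg(e["cmdline"])
        if arg is None or not is_user_temp_path(arg[0]):
            continue
        parent = by_pid.get(e["ppid"])
        findings.append({
            "pid": e["pid"],
            "dll": arg[0],
            "export": arg[1],
            # True for the SysWOW64 copy relaunched by the 64-bit rundll32
            "parent_rundll32": parent is not None
            and parent["image"].lower().endswith("rundll32.exe"),
            "crashed": e["pid"] in crashed,
        })
    return {"suspicious_rundll32": findings, "crashed_pids": crashed}


if __name__ == "__main__":
    for finding in analyze(EVENTS)["suspicious_rundll32"]:
        print(finding)
```

The parent_rundll32 field is what separates the WoW64 relaunch seen in this report from a rundll32 spawned by an unrelated process, and the crashed field lets the WerFault entries be read as a consequence of the flagged load rather than as a separate event.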