Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 18:19
Static task: static1
Behavioral task: behavioral1
  Sample: a1b4f03ff75c1e5be265328cebea81ea_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: a1b4f03ff75c1e5be265328cebea81ea_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/ZipDLL.dll
  Resource: win7-20240611-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/ZipDLL.dll
  Resource: win10v2004-20240508-en
Behavioral task: behavioral5
  Sample: $PLUGINSDIR/gjqkpms.dll
  Resource: win7-20240508-en
Behavioral task: behavioral6
  Sample: $PLUGINSDIR/gjqkpms.dll
  Resource: win10v2004-20240508-en
General
Target: $PLUGINSDIR/gjqkpms.dll
Size: 161KB
MD5: 398b636dcc156b4ceaeb1f961015c125
SHA1: fed5906d6b9b76e2f3288ed2312380ac1d5b4ea1
SHA256: 74ca8ef55b0b1912f3587060ec229814919ea6891b889254ebcc1ed2f1513f1a
SHA512: 85beb6e71406ea007604bdb47bc402fcddb5dcf4cc439076dac11769b42d248331dad4eac386afd635cd3f5ac9a3aa7fdab0eceb55c68ac5433960b2471bb65b
SSDEEP: 3072:GOYZSxgOf6M8CvGLKBdz+tVdQbwDZZJcO:QcjfvGLKHd0/Jc
Malware Config
Signatures
Program crash (1 IoC)
pid   pid_target  Process       procid_target
2184  2224        WerFault.exe  28

Suspicious use of WriteProcessMemory (11 IoCs)
description                       pid   Process       procid_target
PID 3056 wrote to memory of 2224  3056  rundll32.exe  28   (7 occurrences)
PID 2224 wrote to memory of 2184  2224  rundll32.exe  29   (4 occurrences)
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjqkpms.dll,#1
  PID: 3056
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjqkpms.dll,#1
    PID: 2224
    Signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 220
      PID: 2184
      Signatures: Program crash