Analysis

max time kernel: 51s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 18:19
Static task: static1

Behavioral task: behavioral1
Sample: a1b4f03ff75c1e5be265328cebea81ea_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: a1b4f03ff75c1e5be265328cebea81ea_JaffaCakes118.exe
Resource: win10v2004-20240611-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/ZipDLL.dll
Resource: win7-20240611-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/ZipDLL.dll
Resource: win10v2004-20240508-en

Behavioral task: behavioral5
Sample: $PLUGINSDIR/gjqkpms.dll
Resource: win7-20240508-en

Behavioral task: behavioral6
Sample: $PLUGINSDIR/gjqkpms.dll
Resource: win10v2004-20240508-en
General

Target: $PLUGINSDIR/gjqkpms.dll
Size: 161KB
MD5: 398b636dcc156b4ceaeb1f961015c125
SHA1: fed5906d6b9b76e2f3288ed2312380ac1d5b4ea1
SHA256: 74ca8ef55b0b1912f3587060ec229814919ea6891b889254ebcc1ed2f1513f1a
SHA512: 85beb6e71406ea007604bdb47bc402fcddb5dcf4cc439076dac11769b42d248331dad4eac386afd635cd3f5ac9a3aa7fdab0eceb55c68ac5433960b2471bb65b
SSDEEP: 3072:GOYZSxgOf6M8CvGLKBdz+tVdQbwDZZJcO:QcjfvGLKHd0/Jc
Malware Config

Signatures

Program crash (1 IoCs)
pid    pid_target   Process        procid_target
3976   812          WerFault.exe   81

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 3964 wrote to memory of 812    3964   rundll32.exe   81
PID 3964 wrote to memory of 812    3964   rundll32.exe   81
PID 3964 wrote to memory of 812    3964   rundll32.exe   81
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjqkpms.dll,#1
  PID: 3964
  signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjqkpms.dll,#1
      PID: 812
        C:\Windows\SysWOW64\WerFault.exe
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 600
          PID: 3976
          signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 812 -ip 812
  PID: 1636