Tasks for this submission (sandbox score in parentheses):
Overview (score 7)
Static (score 3)
a5aae6dc2d...18.exe, windows7-x64 (score 7)
a5aae6dc2d...18.exe, windows10-2004-x64 (score 7)
$PLUGINSDI...ig.dll, windows7-x64 (score 3)
$PLUGINSDI...ig.dll, windows10-2004-x64 (score 3)
$PLUGINSDI...em.dll, windows7-x64 (score 3)
$PLUGINSDI...em.dll, windows10-2004-x64 (score 3)
$PLUGINSDI...or.dll, windows7-x64 (score 3)
$PLUGINSDI...or.dll, windows10-2004-x64 (score 3)
$PLUGINSDIR/inetc.dll, windows7-x64 (score 3)
$PLUGINSDIR/inetc.dll, windows10-2004-x64 (score 3)
$PLUGINSDIR/t1.dll, windows7-x64 (score 1)
$PLUGINSDIR/t1.dll, windows10-2004-x64 (score 1)
IWsrv.exe, windows7-x64 (score 1)
IWsrv.exe, windows10-2004-x64 (score 1)

Analysis
max time kernel: 141s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 13:02
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe, win7-20240220-en
behavioral2: a5aae6dc2d5787d13aaeb4e88ca40039_JaffaCakes118.exe, win10v2004-20240508-en
behavioral3: $PLUGINSDIR/IpConfig.dll, win7-20240611-en
behavioral4: $PLUGINSDIR/IpConfig.dll, win10v2004-20240611-en
behavioral5: $PLUGINSDIR/System.dll, win7-20240508-en
behavioral6: $PLUGINSDIR/System.dll, win10v2004-20240611-en
behavioral7: $PLUGINSDIR/WmiInspector.dll, win7-20240220-en
behavioral8: $PLUGINSDIR/WmiInspector.dll, win10v2004-20240611-en
behavioral9: $PLUGINSDIR/inetc.dll, win7-20240611-en
behavioral10: $PLUGINSDIR/inetc.dll, win10v2004-20240611-en
behavioral11: $PLUGINSDIR/t1.dll, win7-20240419-en
behavioral12: $PLUGINSDIR/t1.dll, win10v2004-20240226-en (the task shown on this page)
behavioral13: IWsrv.exe, win7-20240508-en
behavioral14: IWsrv.exe, win10v2004-20240508-en
General
Target: $PLUGINSDIR/t1.dll
Size: 4KB
MD5: 058ba8a0916d957d3b91d08ea2e876e2
SHA1: 1a7c36c50c5bd93f535b624a2882bc3905e7e7f3
SHA256: 510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661
SHA512: 24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02
SSDEEP: 48:a/1/wEVQWsasy/372nPbws6KcSCcqGTN5gXwvl9g6P:81/wise/37upcpcqGh5gs
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
source PID | source process | target PID | target process | description
824 | rundll32.exe | 4748 | rundll32.exe | PID 824 wrote to memory of 4748
824 | rundll32.exe | 4748 | rundll32.exe | PID 824 wrote to memory of 4748
824 | rundll32.exe | 4748 | rundll32.exe | PID 824 wrote to memory of 4748

All three records are the same parent-to-child pair: the 64-bit rundll32.exe from System32 (PID 824) writing into the 32-bit rundll32.exe from SysWOW64 (PID 4748) that it spawned. A 64-bit rundll32.exe asked to load a 32-bit DLL re-launches the SysWOW64 copy to host it, and writes into a child it has just created are part of ordinary process start-up rather than injection into a foreign process. The command line rundll32.exe ...\t1.dll,#1 is the sandbox's harness for loading the DLL and calling its first export by ordinal; it is not behaviour chosen by the sample itself.
Processes
C:\Windows\system32\rundll32.exe (PID 824)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\t1.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  child: C:\Windows\SysWOW64\rundll32.exe (PID 4748)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\t1.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1892), a separate root process, not a child of either rundll32.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4284 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
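Added example, not part of the sandbox report and not tooling from the sandbox vendor: a Python triage helper that parses the WriteProcessMemory rows and the process tree in the form they appear on this page, collapses the three identical rows into one writer/target pair, and labels that pair as the expected System32-to-SysWOW64 rundll32 re-launch while still flagging a write into a process the writer did not create. The record text, the pid-to-image map and the parent edge are constructed inline from this report; the function names and verdict strings are the example's own.

```python
"""Triage of WriteProcessMemory IoCs against the sandbox process tree.

Added example (not part of the report): parses the flattened
"PID X wrote to memory of Y" rows and the process list, de-duplicates
the rows, and classifies each distinct writer/target pair.
"""
import re
from collections import Counter

# Constructed from the Signatures section of this report (three identical rows).
WPM_RECORDS = (
    "PID 824 wrote to memory of 4748 824 rundll32.exe rundll32.exe "
    "PID 824 wrote to memory of 4748 824 rundll32.exe rundll32.exe "
    "PID 824 wrote to memory of 4748 824 rundll32.exe rundll32.exe"
)

# Constructed from the Processes section: pid -> image path.
PROCESSES = {
    824: r"C:\Windows\system32\rundll32.exe",
    4748: r"C:\Windows\SysWOW64\rundll32.exe",
    1892: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
}

# Parent edges from the process tree: only 4748 is a child (of 824).
PARENTS = {4748: 824}

WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, writer_image, target_image) per row."""
    return [(int(w), int(t), wi, ti) for w, t, wi, ti in WPM_ROW.findall(text)]


def dedupe(rows):
    """Collapse repeated rows into {(writer_pid, target_pid): row_count}."""
    return Counter((w, t) for w, t, _, _ in rows)


def is_wow64_rundll32_relaunch(writer, target, procs, parents):
    """True when a System32 rundll32.exe writes into its own SysWOW64
    rundll32.exe child: the 64-bit host re-launches the 32-bit copy to load
    a 32-bit DLL, and writing into a child it just created is normal."""
    w = procs.get(writer, "").lower()
    t = procs.get(target, "").lower()
    return (w.endswith(r"\system32\rundll32.exe")
            and t.endswith(r"\syswow64\rundll32.exe")
            and parents.get(target) == writer)


def classify(text, procs=PROCESSES, parents=PARENTS):
    """Map each distinct (writer, target) pair to (row_count, verdict)."""
    verdicts = {}
    for (w, t), n in dedupe(parse_wpm(text)).items():
        if is_wow64_rundll32_relaunch(w, t, procs, parents):
            verdict = "expected: rundll32 WoW64 re-launch of its own child"
        elif parents.get(t) == w:
            verdict = "review: parent wrote into a child it created"
        else:
            verdict = "suspicious: write into a process it did not create"
        verdicts[(w, t)] = (n, verdict)
    return verdicts


if __name__ == "__main__":
    for (w, t), (n, v) in classify(WPM_RECORDS).items():
        print(f"{w} -> {t} ({n} rows): {v}")
```

The parent edge is what separates a benign re-launch from injection: the same System32-to-SysWOW64 image pair written into a process the writer did not create would still be reported as suspicious, so the check should be fed the real process tree rather than image names alone.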