Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-07-2024 09:19
| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | 3ccc3e661c87c5207bfecc89e6c6cc98_JaffaCakes118.exe | win7-20240708-en |
| behavioral2 | 3ccc3e661c87c5207bfecc89e6c6cc98_JaffaCakes118.exe | win10v2004-20240709-en |
| behavioral3 | $PLUGINSDIR/InstallOptions.dll | win7-20240704-en |
| behavioral4 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20240709-en |
| behavioral5 | Mame32.chm | win7-20240705-en |
| behavioral6 | Mame32.chm | win10v2004-20240709-en |
| behavioral7 | kailleraclient.dll | win7-20240704-en |
| behavioral8 | kailleraclient.dll | win10v2004-20240709-en |
| behavioral9 | mame32k.exe | win7-20240708-en |
| behavioral10 | mame32k.exe | win10v2004-20240709-en |
| behavioral11 | mame32kk.exe | win7-20240705-en |
| behavioral12 | mame32kk.exe | win10v2004-20240704-en |
| behavioral13 | zip32.dll | win7-20240708-en |
| behavioral14 | zip32.dll | win10v2004-20240709-en |
General
- Target: kailleraclient.dll
- Size: 31KB
- MD5: 919aceb24360595da69d975e08a08ea5
- SHA1: 15d2a05133047fabeee62de7d5df533106d29f2b
- SHA256: 454440aeedb3b569bf49f11c953d0d5bb8ba42ff60d58c8ae6696eecc920280e
- SHA512: 358fbcb31db1ab882c9ed7415be96962f5a22eec6417ef1537dff95271cee3cb4f7c8eb7685b8f5cdce316d530ac23ff303ace68d2cf83d8decb221b6789dbcb
- SSDEEP: 768:2LiLjbKGY60H17PJc/TG0BXOZDRmDOCjq/:UK/Oh17PeqAgDRmal/
Malware Config
Signatures
| resource | yara_rule |
| --- | --- |
| behavioral8/memory/4940-0-0x0000000010000000-0x0000000010017000-memory.dmp | upx |

Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4204 wrote to memory of 4940 | 4204 | rundll32.exe | 83 |
| PID 4204 wrote to memory of 4940 | 4204 | rundll32.exe | 83 |
| PID 4204 wrote to memory of 4940 | 4204 | rundll32.exe | 83 |