Overview
overview
7Static
static
35d86f8a185...18.exe
windows7-x64
75d86f8a185...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/eula.html
windows7-x64
1$PLUGINSDIR/eula.html
windows10-2004-x64
1$PLUGINSDI...nt.exe
windows7-x64
1$PLUGINSDI...nt.exe
windows10-2004-x64
1$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
19-07-2024 20:21
Static task
static1
Behavioral task
behavioral1
Sample
5d86f8a18557ca2d4a34424aeec698b6_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
5d86f8a18557ca2d4a34424aeec698b6_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/eula.html
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/eula.html
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/installagent.exe
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/installagent.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/installhelper.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/installhelper.dll
Resource
win10v2004-20240709-en
General
-
Target
$PLUGINSDIR/installhelper.dll
-
Size
296KB
-
MD5
599f9db17bc1bb21ae7d621ba18c7b0b
-
SHA1
517982eded11fca77b619e6440f1a02e510b215e
-
SHA256
02e43c366ddd5e2e6237292b232b09c0df993a88406079c202b3d865c472da4a
-
SHA512
4451539b1fec010921338c170c2fc0197ce5ff019b87f1eba3ae6e779263ad210ff911d1a5108051c3010a53f0a29a3816c6fb3abe4ae19407e6c4ca008fba7c
-
SSDEEP
6144:4aeBlMKhLJ1ijM23pzNUEAO+FjxvxnrSFDoDVOyfPA:EMwkM230ETWjxvB+VynA
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2112 rundll32.exe 2112 rundll32.exe 2112 rundll32.exe 2112 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1540 wrote to memory of 2112 1540 rundll32.exe 30 PID 1540 wrote to memory of 2112 1540 rundll32.exe 30 PID 1540 wrote to memory of 2112 1540 rundll32.exe 30 PID 1540 wrote to memory of 2112 1540 rundll32.exe 30 PID 1540 wrote to memory of 2112 1540 rundll32.exe 30 PID 1540 wrote to memory of 2112 1540 rundll32.exe 30 PID 1540 wrote to memory of 2112 1540 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\installhelper.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1540 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\installhelper.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
PID:2112
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5a774cefba4314e099758b202b303ac74
SHA19dbb972900e442e7f4f920753aaac754e9403d70
SHA256470ca4d91730ea7ba949f3e509c5a1a31330fac1443d79069c5db82e8a6af5c9
SHA51248002e8cd383832a96ca856238dabc44b1db9a0bdbd24ec7feb591cdfd017abc4e96509a26da092255c6ca0a36b003a841fba992d4eee4492799fd128ed8e5a2