flawedgracerat | cbaa2034eb6f1020eeb97aaa71f6fd2dbd9e24d68ffb67bbb1c060615c1719a4

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 05:31

Target

4613839e01b895b67528c522e2ae25a5_JaffaCakes118.dll
Size

1.1MB
MD5

4613839e01b895b67528c522e2ae25a5
SHA1

decf4debac01d594eeced08b71abf4c7aa045554
SHA256

cbaa2034eb6f1020eeb97aaa71f6fd2dbd9e24d68ffb67bbb1c060615c1719a4
SHA512

6bff9b124bdf5cfefc79de82147cf6cf3c911f286bb22004fd319c5965df5511455e2aed0f127782c306a81b9924586f8fd538c6f43f47761e9a82318187ff18
SSDEEP

24576:ijyqlwU8sQi+bnJmQIEtKjvjjDSwloHniuL5CA77M1YOK96go:4yCbAb9K7jjDSwlyo1YOY6go

Score

10^/10

FlawedGraceRAT
FlawedGrace is a full-featured RAT written in C++.
rat flawedgracerat

FlawedGraceRat Loader 12 IoCs

Detects FlawedGraceRat x64 loader in memory.

Processes:

resource	yara_rule
behavioral2/memory/2852-1-0x000002A9FB3B0000-0x000002A9FB4CB000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-2-0x000002A9FB3B0000-0x000002A9FB4CB000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-3-0x000002A9FCC70000-0x000002A9FCD8B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-4-0x000002A9FCC70000-0x000002A9FCD8B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-6-0x000002A9FD110000-0x000002A9FD22B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-5-0x000002A9FCFF0000-0x000002A9FD10B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-7-0x000002A9FCFF0000-0x000002A9FD10B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-10-0x000002A9FD110000-0x000002A9FD22B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-11-0x000002A9FCED0000-0x000002A9FCFEB000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-8-0x000002A9FCC70000-0x000002A9FCD8B000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-9-0x000002A9FB3B0000-0x000002A9FB4CB000-memory.dmp	flawgrace_loader_x64
behavioral2/memory/2852-12-0x000002A9FCED0000-0x000002A9FCFEB000-memory.dmp	flawgrace_loader_x64

Modifies registry class 2 IoCs

Processes:

rundll32.exe

description ioc process

Key created \REGISTRY\MACHINE\Software\Classes\CLSID rundll32.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID rundll32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4613839e01b895b67528c522e2ae25a5_JaffaCakes118.dll,#1
1⤵
- Modifies registry class
PID:2852

memory/2852-0-0x00007FF873510000-0x00007FF87362D000-memory.dmp

Filesize
1.1MB

Download
memory/2852-1-0x000002A9FB3B0000-0x000002A9FB4CB000-memory.dmp

Filesize
1.1MB

Download
memory/2852-2-0x000002A9FB3B0000-0x000002A9FB4CB000-memory.dmp

Filesize
1.1MB

Download
memory/2852-3-0x000002A9FCC70000-0x000002A9FCD8B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-4-0x000002A9FCC70000-0x000002A9FCD8B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-6-0x000002A9FD110000-0x000002A9FD22B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-5-0x000002A9FCFF0000-0x000002A9FD10B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-7-0x000002A9FCFF0000-0x000002A9FD10B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-10-0x000002A9FD110000-0x000002A9FD22B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-11-0x000002A9FCED0000-0x000002A9FCFEB000-memory.dmp

Filesize
1.1MB

Download
memory/2852-8-0x000002A9FCC70000-0x000002A9FCD8B000-memory.dmp

Filesize
1.1MB

Download
memory/2852-9-0x000002A9FB3B0000-0x000002A9FB4CB000-memory.dmp

Filesize
1.1MB

Download
memory/2852-12-0x000002A9FCED0000-0x000002A9FCFEB000-memory.dmp

Filesize
1.1MB

Download