Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
18-04-2024 15:04
Static task
static1
Behavioral task
behavioral1
Sample
f841c72b1c4cadc4c98903ad26a96a16_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f841c72b1c4cadc4c98903ad26a96a16_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/xpbpx.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/xpbpx.dll
Resource
win10v2004-20240226-en
General
-
Target
$PLUGINSDIR/xpbpx.dll
-
Size
104KB
-
MD5
4eb0e08649f542fd0e44bef7845956fc
-
SHA1
5fac196ee8af08f8f954f3086c0250a905986c02
-
SHA256
15ed84b6d171b6b6834aa6a39150b6165b2c83411929a8c6963b6e446df44ed1
-
SHA512
de809b359ccd7b65b41fd8320a16793c74ae1eecfee3f25d8a9943ca4d2cda675733794ec944e11d62fcd0f6ad9a0bfd7748e74841c68c6796255235b3d0b68f
-
SSDEEP
1536:oJUmgGAYhReTNsu0yGLmQEQoOoLz8I5EgZ2UlH08mAiI3Wklk9ncobUfsQzt2jwM:CUmgGASei2EAPP3xlkrEmP
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2084 2036 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2812 wrote to memory of 2036 2812 rundll32.exe rundll32.exe PID 2036 wrote to memory of 2084 2036 rundll32.exe WerFault.exe PID 2036 wrote to memory of 2084 2036 rundll32.exe WerFault.exe PID 2036 wrote to memory of 2084 2036 rundll32.exe WerFault.exe PID 2036 wrote to memory of 2084 2036 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\xpbpx.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\xpbpx.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 2603⤵
- Program crash