Analysis
- max time kernel: 122s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 06-05-2024 19:26
Static task
- static1

Behavioral tasks
- behavioral1: 1e039f9770017f09225e58d7759b700a_JaffaCakes118.exe (resource: win7-20240221-en)
- behavioral2: 1e039f9770017f09225e58d7759b700a_JaffaCakes118.exe (resource: win10v2004-20240419-en)
- behavioral3: $PLUGINSDIR/System.dll (resource: win7-20240419-en)
- behavioral4: $PLUGINSDIR/System.dll (resource: win10v2004-20240419-en)
- behavioral5: Nwiz.dll (resource: win7-20240221-en)
- behavioral6: Nwiz.dll (resource: win10v2004-20240426-en)
- behavioral7: default_hash.js (resource: ubuntu1804-amd64-20240226-en)
- behavioral8: default_hash.js (resource: debian9-armhf-20240418-en)
- behavioral9: default_hash.js (resource: debian9-mipsbe-20240226-en)
- behavioral10: default_hash.js (resource: debian9-mipsel-20240226-en)
- behavioral11: libimalloc.dll (resource: win7-20240221-en)
- behavioral12: libimalloc.dll (resource: win10v2004-20240419-en)
General
- Target: libimalloc.dll
- Size: 3KB
- MD5: 5a9d61592a64ed8d0df13ce430d3bf6a
- SHA1: d19862c6125595440865cb2b6049572902980101
- SHA256: fd135a296d34e7b707343d703e05fcefdf08bc2e3be6f554daf765a04710e1f1
- SHA512: 7df008f55f6c3c7cdc862086264e2db571e19a9e6e198e8f7e9505984a7867ac63fb92d49f6c592ef1167e7e7e75f554756b1438d53c899a463c2a3fcc167688
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2860 wrote to memory of 2968 | 2860 | rundll32.exe | WerFault.exe
  PID 2860 wrote to memory of 2968 | 2860 | rundll32.exe | WerFault.exe
  PID 2860 wrote to memory of 2968 | 2860 | rundll32.exe | WerFault.exe