Overview (overview): 10
Static (static): 3
2b7b6fc8b0...18.exe (windows7-x64): 10
2b7b6fc8b0...18.exe (windows10-2004-x64): 7
$PLUGINSDI...sh.dll (windows7-x64): 3
$PLUGINSDI...sh.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$TEMP/glee.dll (windows7-x64): 1
$TEMP/glee.dll (windows10-2004-x64): 1
Analysis
max time kernel: 140s
max time network: 105s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-05-2024 20:07
Static task: static1
Behavioral task: behavioral1; Sample: 2b7b6fc8b0a2e9fda739eb8aa8ee6d57_JaffaCakes118.exe; Resource: win7-20240221-en
Behavioral task: behavioral2; Sample: 2b7b6fc8b0a2e9fda739eb8aa8ee6d57_JaffaCakes118.exe; Resource: win10v2004-20240508-en
Behavioral task: behavioral3; Sample: $PLUGINSDIR/Splash.dll; Resource: win7-20240220-en
Behavioral task: behavioral4; Sample: $PLUGINSDIR/Splash.dll; Resource: win10v2004-20240426-en
Behavioral task: behavioral5; Sample: $PLUGINSDIR/System.dll; Resource: win7-20240508-en
Behavioral task: behavioral6; Sample: $PLUGINSDIR/System.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral7; Sample: $PLUGINSDIR/UserInfo.dll; Resource: win7-20240508-en
Behavioral task: behavioral8; Sample: $PLUGINSDIR/UserInfo.dll; Resource: win10v2004-20240426-en
Behavioral task: behavioral9; Sample: $TEMP/glee.dll; Resource: win7-20240508-en
Behavioral task: behavioral10; Sample: $TEMP/glee.dll; Resource: win10v2004-20240426-en
General
Target: $TEMP/glee.dll
Size: 34KB
MD5: 9efcdaec062823e9749250da225dfe4d
SHA1: 1d6209a71c061729683ce81890f2d8c0c02c6e05
SHA256: 04904de1d15bb931cf85eadb7714bd53f7236de0fbc1f62c22aafb3470ff847c
SHA512: b7faee0a4c769ee39fc11fe20c6ec362b6802e9fd7f81d8a495f1423263af8074cf995c1ff8d964680c10c3026e69ddb66e749b9b29784309502d805673a720a
SSDEEP: 768:tyxfTX4H2MoxHO1iB94vJfIhdV2GLkBrNj2+QE8u8VP:sfTX4zo85w+pa+J8f
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4388 wrote to memory of 816 | 4388 | rundll32.exe | rundll32.exe |
| PID 4388 wrote to memory of 816 | 4388 | rundll32.exe | rundll32.exe |
| PID 4388 wrote to memory of 816 | 4388 | rundll32.exe | rundll32.exe |