Analysis
max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
10-05-2024 03:58
Static task
static1
Behavioral task
behavioral1
Sample
2d38d15d58e0b48403b2b407d8d60520_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2d38d15d58e0b48403b2b407d8d60520_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
CabDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
CabDLL.dll
Resource
win10v2004-20240426-en
General
Target
CabDLL.dll
Size
28KB
MD5
a4c07c7c2328612f32465ed4350fc6b1
SHA1
578e751f602ed19336406e85e59fdc807e8e5e47
SHA256
1fb5fd45067a68ca5cd7428ff2ac81cb5b090ee48383e3ab771d89d08eb10332
SHA512
24990ceb668f03410ee62fcf47cfae57a0c5cd1dc09308f8b839c9bcb3ae20c332fdd9ab4a1e63996035b2c835a2aba07b1a38d5a94a47f4432d2c781d711283
SSDEEP
192:hRpioDMVr1UNKPpQUnShF0bvJUu0xeKSSBJOt74msjmzO87yPNv77777xYYYYYYq:hRpwzKdhqbvSXI2mrX+PvYYYYYYGL
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe
PID 2080 wrote to memory of 1244 | 2080 | rundll32.exe | rundll32.exe