Analysis
max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
12-05-2024 19:47
Static task
static1
Behavioral task
behavioral1
Sample
3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
3bc88ab2dae5dd7dc924b64e45a5e831_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
CDRom.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
CDRom.dll
Resource
win10v2004-20240226-en
General
Target
CDRom.dll
Size
26KB
MD5
f65d5bc68f1fb11619ba6b464913dce2
SHA1
b67b2d285b64209eaa6a7011f244992f39509d22
SHA256
7b342d996d54d971e4910d0a53e7b120a926c01a3fd173d98bf00e8d52e32af4
SHA512
331eeabf497202aff3dcf1c8c9545b9ee60a6f02c3cb13cd827410a9b0fa63f2c29896db2ab50c06abef8a31169490dc487021ecd4c3ba51acc011af61f2e769
SSDEEP
384:D8D4FgaKCyBSjGSW2N41Un+K/BUtLFnD+WagQ7Fs9tJOtB6udDSJHXw:DPerCyy3C1U+KQLFnD+LFO+tB6kN
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe
PID 1720 wrote to memory of 2512 | 1720 | rundll32.exe | rundll32.exe