Analysis
max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
18-05-2024 12:57
Static task
static1
Behavioral task
behavioral1
Sample
54d105a742ae07f7f55d30738a7b014f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
54d105a742ae07f7f55d30738a7b014f_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Crypto.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Crypto.dll
Resource
win10v2004-20240508-en
General
Target
Crypto.dll
Size
11KB
MD5
d7abc2b77ed9178f00c2bef667a988da
SHA1
66f2f2ea1161f2f48b5df3a49fd3e43651642237
SHA256
8708aad9e59923e1b7830e763c5a42107449a378a6f355d46d58e8c85e44f8d2
SHA512
0dc6b4719ad872402573960f6be6e14f80cd5a000d240bd7a171d625833eac2c9c6d44e1c145d5d28b6dc4a4920174f2c19f76efa1f3d33ecca59994f6ec324f
SSDEEP
96:5ZPB90NVWfo8HYfX5S3f+TGII9UEJIZ5bLhS5dpEE33OpRkNE3xBWoP5aAb:V4ov+yp1eRNS5dmeOzLRLb
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe
PID 1948 wrote to memory of 1508 | 1948 | rundll32.exe | rundll32.exe