Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 08:27
Static task
static1
Behavioral task
behavioral1
Sample
66a29907be635eec743eb65225c63ec7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
66a29907be635eec743eb65225c63ec7_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
CabDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
CabDLL.dll
Resource
win10v2004-20240426-en
General
-
Target
CabDLL.dll
-
Size
28KB
-
MD5
a4c07c7c2328612f32465ed4350fc6b1
-
SHA1
578e751f602ed19336406e85e59fdc807e8e5e47
-
SHA256
1fb5fd45067a68ca5cd7428ff2ac81cb5b090ee48383e3ab771d89d08eb10332
-
SHA512
24990ceb668f03410ee62fcf47cfae57a0c5cd1dc09308f8b839c9bcb3ae20c332fdd9ab4a1e63996035b2c835a2aba07b1a38d5a94a47f4432d2c781d711283
-
SSDEEP
192:hRpioDMVr1UNKPpQUnShF0bvJUu0xeKSSBJOt74msjmzO87yPNv77777xYYYYYYq:hRpwzKdhqbvSXI2mrX+PvYYYYYYGL
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe
PID 1836 wrote to memory of 2440 | 1836 | rundll32.exe | rundll32.exe