Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 27/05/2024, 11:40
Static task
static1
Behavioral task
behavioral1
Sample
7907bc2710896a08c53b0874b5b43ed0_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7907bc2710896a08c53b0874b5b43ed0_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/koi.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/koi.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win10v2004-20240426-en
General
Target: $PLUGINSDIR/koi.dll
Size: 120KB
MD5: ff3ac96d9d128501b224b26ad4b85486
SHA1: ce85c8ee340921b8660f6ad14b5429b3703b6bf5
SHA256: 44b5ee3459781f5ca44873c738ca16b050b4101c49dcf8b0da556775be189963
SHA512: a2ab56bf0de5075817a600bb4cca472e82b8f207f5fbd886bbab3e4a8a58b7ed9acc180bbbd3c5646b9c52189962be468dc30fb48f66ade6aa87d3ec8f61e42f
SSDEEP: 1536:FxFC4OSN1I2Lpf63GYMdgkhIyRFMrfozBH7b2PFnZBsZeMMSl2j:VCaN1FLpvljQq7b2PBsZe/S4
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28
PID 2320 wrote to memory of 1712 | 2320 | rundll32.exe | 28