Analysis
max time kernel: 148s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/04/2024, 11:10
Static task: static1

Behavioral task: behavioral1
Sample: e9dadf919d53446b1d8637a1061db656_JaffaCakes118.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: e9dadf919d53446b1d8637a1061db656_JaffaCakes118.dll
Resource: win10v2004-20240226-en
General
Target: e9dadf919d53446b1d8637a1061db656_JaffaCakes118.dll
Size: 66KB
MD5: e9dadf919d53446b1d8637a1061db656
SHA1: 70a1ef306eba321fbb14fe2eab6a7f1e96aae0e6
SHA256: a8868d0d92f1e2dc294d1ebbbcddd08c20781315aa72f4cdfa019ef5959689f2
SHA512: 537a2e59957556b8f6b1a2bae9273af6e4e09e1d5fff4dc3a5c711d14c17984eeebda82f2ccd7594b4843870b0e61fd1012047a0b4172c02ec27719a48594570
SSDEEP: 768:zE5iCi6dOSeALnvTn0VByNWIAb9pVb+NvJUmztd+GuJIC0BTM5leaLz39ZGhPwZn:aNvweWIYVb+NvqJmMxvp4hR2GYHkCU8
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                      pid  Process       procid_target
PID 384 wrote to memory of 1132  384  rundll32.exe  85
PID 384 wrote to memory of 1132  384  rundll32.exe  85
PID 384 wrote to memory of 1132  384  rundll32.exe  85
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9dadf919d53446b1d8637a1061db656_JaffaCakes118.dll,#1
  PID: 384
  Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9dadf919d53446b1d8637a1061db656_JaffaCakes118.dll,#1
      PID: 1132