Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11/04/2024, 06:54
Static task: static1
Behavioral task: behavioral1
  Sample: ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll
  Resource: win10v2004-20240319-en
General
Target: ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll
Size: 840KB
MD5: ecd4ccccce35b09659c33c6e5f402919
SHA1: 371701d311b84967be5cb639ed3642645420a5b6
SHA256: 3de477e58c825439cb4ac812cb427a9b4cb8ba17422a048d9da9a4cbf4456665
SHA512: 9bf8cf2549d51e9e344f41d30488bd57a28e9f3a9c6738b1bf233e64d10130ed377e776928a0326d4722f4f6ad304da03fe0887a202ea647afb43fbfb0e1e7b5
SSDEEP: 12288:cZkG9ytDgQW7+wBGEykNyK/neh/Iio6AQ+iSEE195CMJkW2fKs:YAgQW79UEykNyA1ZdQuTJkRi
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
PID 1812 wrote to memory of 2324 | 1812 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1812
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecd4ccccce35b09659c33c6e5f402919_JaffaCakes118.dll,#1
    PID: 2324