Analysis
- max time kernel: 149s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/04/2024, 19:10
Behavioral task: behavioral1
- Sample: f1b7494286c9dec238f70f56ffb14c80_JaffaCakes118.dll
- Resource: win7-20240221-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: f1b7494286c9dec238f70f56ffb14c80_JaffaCakes118.dll
- Resource: win10v2004-20240412-en
- 2 signatures
- 150 seconds
General
- Target: f1b7494286c9dec238f70f56ffb14c80_JaffaCakes118.dll
- Size: 76KB
- MD5: f1b7494286c9dec238f70f56ffb14c80
- SHA1: 2fd322c2d2aab12407d6a7d1beee4b5b275a3aed
- SHA256: fc3eb20dee28466a7e6282cb2ce8a6d7f1e79c086c2518aed46916e1b9e709b9
- SHA512: 0618a2e8befbc3ea1801bb867cd38a8dfa48b1432757105b9056b82a533a037714e1b8926e779d8accbce3e3428a1683eeee56f483884da07b4eca8ee2ae2536
- SSDEEP: 1536:c3k/HdXMFxmewny5lgB0LE9W0q7oY1dFhkPPMXT3tt:c3k/HxMFJJgWQo0q5gsTn
Score
7/10
Malware Config
Signatures
- YARA rule matches (resource, yara_rule):
  - behavioral2/memory/2960-0-0x0000000010000000-0x0000000010025000-memory.dmp, vmprotect
  - behavioral2/memory/2960-2-0x0000000010000000-0x0000000010025000-memory.dmp, vmprotect
- Suspicious use of WriteProcessMemory, 3 IoCs (description, pid, Process, procid_target):
  - PID 2660 wrote to memory of 2960, 2660, rundll32.exe, 87
  - PID 2660 wrote to memory of 2960, 2660, rundll32.exe, 87
  - PID 2660 wrote to memory of 2960, 2660, rundll32.exe, 87
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1b7494286c9dec238f70f56ffb14c80_JaffaCakes118.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 2660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1b7494286c9dec238f70f56ffb14c80_JaffaCakes118.dll,#12⤵
  PID: 2960