Analysis
max time kernel: 93s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/04/2024, 07:13
Static task: static1
Signatures: 1

Behavioral task: behavioral1
Sample: f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll
Resource: win7-20240221-en
Signatures: 1
150 seconds

Behavioral task: behavioral2
Sample: f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll
Resource: win10v2004-20240412-en
Signatures: 2
150 seconds
General
Target: f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll
Size: 845KB
MD5: f2f7eb55c84100d57a6cdfa1bdab3a83
SHA1: abcdf1cfbaac95334e4047bc91adfc4831c8edaf
SHA256: 0e14936eddf5e9f42517423119eeed2efc8fc624685726e591f803872bfd7fe8
SHA512: 5d5000663be7b05fe83f909552f965fe197a08a6dfb7763f511a09eac94813db9484c1b1ea17e69371439929c1c215be849d188f7a11fefa8b0a69a5c1930723
SSDEEP: 24576:XNmaEpDRpG7G7ND08mR1QEiHG/d76txV/b:XbEdzfkR1QEiWdOtxVT
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid     pid_target   Process        procid_target
  2616    3456         WerFault.exe   86

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 432 wrote to memory of 3456     432    rundll32.exe   86
  PID 432 wrote to memory of 3456     432    rundll32.exe   86
  PID 432 wrote to memory of 3456     432    rundll32.exe   86
Processes
C:\Windows\system32\rundll32.exe (PID 432)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 3456)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID 2616)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 640
      Signature: Program crash
C:\Windows\SysWOW64\WerFault.exe (PID 2504)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3456 -ip 3456