Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18/04/2024, 13:59
Behavioral tasks
behavioral1: f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll, resource win7-20240221-en
behavioral2: f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll, resource win10v2004-20240412-en
General
Target: f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll
Size: 612KB
MD5: f825a73f485653d18fa7865191c5634e
SHA1: d640f3823d683fd767ae3555229871156c25fc1c
SHA256: 6a09d5cd9c839868af56e8917fc4fe2314e5c9e60772cc7377cd8270e2c527dc
SHA512: e8776c00366afc213872060848bd65ce5caf52b8cb619d76b48e3119b14159a850a51ca869b2826b9e27a8f1c78d6f8c563f54d33441a122aaf529530b7f1c07
SSDEEP: 12288:y4O3liJG1PmeeVByRP8I6oH4M21AMMJypUrmhZNsy0PKoGcLszGVvcfRY:y4EQHxQkI6q4M229JqUrmHNsyiKHSUfR
Malware Config
(no configuration extracted)

Signatures

Themida packer (yara rule: themida)
  resource: behavioral1/memory/2900-0-0x0000000074810000-0x0000000074987000-memory.dmp
  The hit is on a memory dump of PID 2900 (the SysWOW64 rundll32.exe that loaded the DLL), region 0x74810000-0x74987000, i.e. 0x177000 bytes. That is larger than the 612KB file on disk, which is what you expect from a Themida-protected image once its sections have been unpacked in memory; the on-disk file is the packed form.

Suspicious use of WriteProcessMemory (7 IoCs)
  description                        | pid  | process      | procid_target
  PID 2872 wrote to memory of 2900   | 2872 | rundll32.exe | 28
  (the same entry is recorded 7 times)
  Caveat: all seven writes go from the parent rundll32.exe (2872) into the child it has just created (2900). A parent writing into its own new child's address space is part of normal process creation, so this signature alone is not evidence of injection into an unrelated process; it becomes interesting only if the target pid is not a child of the writer.
Processes

C:\Windows\system32\rundll32.exe (PID 2872)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll,#1
  signatures: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe (PID 2900), child of 2872
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll,#1

The sandbox invokes the sample through rundll32 with export ordinal 1 (the ",#1" suffix) as the entry point. The 64-bit rundll32.exe in system32 cannot load a 32-bit DLL (resource tag arch:x86), so it re-launches the 32-bit rundll32.exe from SysWOW64 with the same command line; that second process is the one that actually runs the DLL code, and it is the process the themida memory rule fired on.
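As an added example, not part of the tria.ge report or of Hatching's tooling: a small Python helper that parses the three artefact types shown above (the memory-dump rule name, the WriteProcessMemory IoC lines and the rundll32 process entries) and applies the checks a triager would make by hand: is each WriteProcessMemory target the writer's own child, did a 64-bit rundll32 hand the DLL off to SysWOW64, and is the flagged memory region larger than the file on disk. The sample input is constructed from the report's own lines; the parent pid of 2900 is supplied explicitly because the process entries do not carry it. The 612KB disk size is taken as 612*1024 bytes, which is an approximation of the rounded figure in the General table.

```python
import re
from collections import Counter

# Sample input constructed from the report above (not fetched from tria.ge).
MEMORY_RULE = ("behavioral1/memory/2900-0-0x0000000074810000-0x0000000074987000"
               "-memory.dmp themida")
WPM_LINES = ["PID 2872 wrote to memory of 2900 2872 rundll32.exe 28"] * 7
PROCESSES = [
    {"pid": 2872, "parent": None,  # parent pid assumed: root of the tree
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll,#1"},
    {"pid": 2900, "parent": 2872,  # parent taken from the tree / IoC lines
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\f825a73f485653d18fa7865191c5634e_JaffaCakes118.dll,#1"},
]
DISK_SIZE = 612 * 1024  # "612KB" from the General table; rounded, so approximate

# tria.ge dump names are <task>/memory/<pid>-<index>-0x<base>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<base>[0-9a-f]+)"
    r"-0x(?P<end>[0-9a-f]+)-memory\.dmp\s+(?P<rule>\S+)", re.I)
# "PID <src> wrote to memory of <dst> <pid> <process> <procid_target>"
WPM_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ (?P<proc>\S+)")
# rundll32 <dll>[,<entry>] where <entry> is "#<ordinal>" or an export name
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>.+?)(?:,(?P<entry>\S+))?$", re.I)


def parse_memory_dump(line):
    """Split a yara memory-dump resource line into pid, region bounds and rule name."""
    m = DUMP_RE.match(line)
    if not m:
        raise ValueError("not a memory dump rule line: %r" % line)
    base, end = int(m["base"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]), "base": base, "end": end,
            "size": end - base, "rule": m["rule"]}


def parse_rundll32_cmdline(cmdline):
    """Extract the DLL path and the entry point (ordinal or export name) from a rundll32 command line."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        raise ValueError("not a rundll32 command line: %r" % cmdline)
    entry = m["entry"]
    if entry is None:
        parsed = None
    elif entry.startswith("#"):
        parsed = ("ordinal", int(entry[1:]))
    else:
        parsed = ("name", entry)
    return {"dll": m["dll"], "entry": parsed}


def is_wow64_image(path):
    """True when the image lives in the 32-bit system directory of a 64-bit Windows."""
    return path.lower().startswith(r"c:\windows\syswow64\\"[:-1])


def summarize_wpm(lines):
    """Collapse repeated WriteProcessMemory IoC lines into (src, dst, process) -> count."""
    counts = Counter()
    for line in lines:
        m = WPM_RE.match(line)
        if m:
            counts[(int(m["src"]), int(m["dst"]), m["proc"])] += 1
    return counts


def triage(processes, wpm_lines, dump_line, disk_size):
    """Return human-readable findings for the three checks described in the lead-in."""
    findings = []
    by_pid = {p["pid"]: p for p in processes}
    for (src, dst, proc), n in summarize_wpm(wpm_lines).items():
        child = by_pid.get(dst)
        if child is not None and child["parent"] == src:
            findings.append(f"WriteProcessMemory {src}->{dst} x{n} ({proc}): target is the "
                            f"direct child of the writer; consistent with process creation, "
                            f"not cross-process injection")
        else:
            findings.append(f"WriteProcessMemory {src}->{dst} x{n} ({proc}): target is NOT a "
                            f"child of {src}; treat as possible injection")
    for p in processes:
        info = parse_rundll32_cmdline(p["cmdline"])
        parent = by_pid.get(p["parent"]) if p["parent"] is not None else None
        if is_wow64_image(p["image"]) and parent and not is_wow64_image(parent["image"]):
            findings.append(f"pid {p['pid']}: 64-bit rundll32 re-launched the DLL under "
                            f"SysWOW64 (32-bit DLL, entry {info['entry']})")
    dump = parse_memory_dump(dump_line)
    if dump["size"] > disk_size:
        findings.append(f"pid {dump['pid']}: {dump['rule']} hit on a {dump['size']:#x}-byte "
                        f"region, larger than the {disk_size:#x}-byte file on disk; packed "
                        f"image unpacked in memory")
    return findings


if __name__ == "__main__":
    for f in triage(PROCESSES, WPM_LINES, MEMORY_RULE, DISK_SIZE):
        print(f)
```

The child-of-writer check is the one that matters: a WriteProcessMemory entry whose target is not in the writer's subtree would be worth chasing, whereas the seven identical parent-to-child entries here collapse to a single benign fact. The same parser can be pointed at the behavioral2 (Windows 10) task to see whether the WoW64 hand-off and the themida region look the same there.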