Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/05/2024, 09:37
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll
Resource: win10v2004-20240426-en
1 signatures
150 seconds

General
Target: 2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll
Size: 110KB
MD5: 2440443f861970f24b7cc95747131f4b
SHA1: 7cf5ee4ed44cabd1f8e05745f6aae46c72ad99c0
SHA256: 4adfba86c6bb962570cc60f18cf1712a8c31bfd12830b504143d5d1f3546f221
SHA512: b03e8ef49a51a1a098d34f8bb70391b6676f62548b995e46c36661f44500ec55d53b89aa1c1f0d4f56d48cbc612f9482344ac2b16be76f6a05711ad2bd608226
SSDEEP: 3072:SiBhgqalOv2jSey+5lmrUSFURu666ws66LZp9:vBGqacbel5GOo6t66LZ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
PID 2020 wrote to memory of 2488 | 2020 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2020
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll,#1
    PID: 2488