Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/05/2024, 08:41

General

  • Target

    29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll

  • Size

    42KB

  • MD5

    29277540c45a231a0c123f404c3f1940

  • SHA1

    22b360a22091ff70a0a69f7a6cdd72d8d84f2428

  • SHA256

    c9e8de1ebf27c1479a36bf65b6c1ecfb57886ff5888cb229cb5b20f84adabf59

  • SHA512

    63bf8827740f6698c83ce09a872e175f47a68e0caac112106f991bf3052536f8adbd00edcc5101f8008d5b1fb927ff04b43fd4d052ad010ea5ce04e2bbd1e61e

  • SSDEEP

    768:vzUqF8ILJUHiVPVFrBF+ptq0IUIN1WWGqxbLfbyDC9nqQXa:7r8pCVPjBF+pY03IbWWDjbX

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4508
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      PID:1768

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B1bZAw09LJ.sf

    Filesize

    19KB

    MD5

    e2bb1dd461a2b5e8ace9c86c118e9147

    SHA1

    7f029413187855e2c22bd6939af3f70d6fee7275

    SHA256

    bfa86b15c54837397c4c14afa9feffe6db2df9bc1db9a0ed9ed326a08f72cb4c

    SHA512

    7551628562dcf7805933b49fb904c4d5466e80bde0b7b33ed011b5b6c09ca92d7d980fe72b477ab21dfeed6003e666d4ce354ca55581ff201ccaa71087219c79

  • C:\Users\Admin\AppData\Local\Temp\gtXI107N.sf

    Filesize

    9KB

    MD5

    97754195c5201114a68431c1a590ef16

    SHA1

    7cf47c5062dfaa20b6b0341a046a5aad03146271

    SHA256

    334c1f325430e6e551a6b714658c70a3d56137a3da54b72c8592185cecabf594

    SHA512

    f12349181f0ef9e6cecbb524c51cdaa4fd23638458e49fabd6d115acc5d1e12b19e45c049ceb1189048c7774c8da0a18823448494fcba5ab852046ef40b36d54

  • memory/1768-1-0x0000000074CD0000-0x0000000074CDC000-memory.dmp

    Filesize

    48KB

  • memory/1768-3-0x0000000074CD0000-0x0000000074CDC000-memory.dmp

    Filesize

    48KB

  • memory/1768-4-0x0000000074CD0000-0x0000000074CDC000-memory.dmp

    Filesize

    48KB