Analysis
max time kernel: 93s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 08:41
Static task: static1
Behavioral task: behavioral1
  Sample: 29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll
  Resource: win10v2004-20240508-en
General
Target: 29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll
Size: 42KB
MD5: 29277540c45a231a0c123f404c3f1940
SHA1: 22b360a22091ff70a0a69f7a6cdd72d8d84f2428
SHA256: c9e8de1ebf27c1479a36bf65b6c1ecfb57886ff5888cb229cb5b20f84adabf59
SHA512: 63bf8827740f6698c83ce09a872e175f47a68e0caac112106f991bf3052536f8adbd00edcc5101f8008d5b1fb927ff04b43fd4d052ad010ea5ce04e2bbd1e61e
SSDEEP: 768:vzUqF8ILJUHiVPVFrBF+ptq0IUIN1WWGqxbLfbyDC9nqQXa:7r8pCVPjBF+pY03IbWWDjbX
Malware Config
Signatures
yara rule match: aspack_v212_v242 (ASPack packer; the version range is taken from the rule name)
  resource: behavioral2/files/0x000b00000002339a-0.dat
Loads dropped DLL (2 IoCs)
  pid 1768, process rundll32.exe
  pid 1768, process rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4508 (rundll32.exe) wrote to memory of PID 1768, procid_target 82
  PID 4508 (rundll32.exe) wrote to memory of PID 1768, procid_target 82
  PID 4508 (rundll32.exe) wrote to memory of PID 1768, procid_target 82
Processes
C:\Windows\system32\rundll32.exe (PID 4508)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 1768, child of 4508)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll,#1
    signatures: Loads dropped DLL

Reading the tree: ",#1" tells rundll32 to call the DLL's export with ordinal 1 rather than a named entry point, so no function name appears on the command line. The 64-bit rundll32 in system32 re-launches its SysWOW64 copy with the identical arguments, which is what rundll32 does on 64-bit Windows when the DLL it is handed is 32-bit (consistent with the arch:x86 resource tag). The three WriteProcessMemory events are all the parent 4508 writing into the child 1768 it has just created; the memory writes alone are not evidence of injection, whereas the 32-bit child loading a dropped DLL that the ASPack yara rule matched is the behaviour worth following up.
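As an added example, not part of the tria.ge report or its API, the following Python parses the Processes entries and the "Suspicious use of WriteProcessMemory" IoC lines in the textual form this report prints them, rebuilds the parent/child relation from the memory-write edges, and flags the two things noted above: a rundll32 command line that names its export by ordinal (",#N"), and a system32 rundll32 whose child is the SysWOW64 rundll32 with the identical command line. The process tuples and IoC strings are copied from this report; the (pid, image, command line) tuple layout is an assumption made for the example.

```python
import re

# Copied from the report's Processes section as (pid, image, command line).
# The tuple layout is an assumption for this example, not a tria.ge format.
PROCESSES = [
    (4508, r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll,#1"),
    (1768, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\29277540c45a231a0c123f404c3f1940_JaffaCakes118.dll,#1"),
]

# The three WriteProcessMemory IoC lines, one per event, as the report prints them.
WPM_LINES = [
    "PID 4508 wrote to memory of 1768 4508 rundll32.exe 82",
    "PID 4508 wrote to memory of 1768 4508 rundll32.exe 82",
    "PID 4508 wrote to memory of 1768 4508 rundll32.exe 82",
]

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
# rundll32 "<dll>,#N": the export is addressed by ordinal, so no name is on the command line.
ORDINAL_RE = re.compile(r"\.dll\s*,\s*#(\d+)\s*$", re.IGNORECASE)


def parse_wpm(lines):
    """Parse WriteProcessMemory IoC lines into (writer_pid, target_pid) pairs, one per event."""
    edges = []
    for line in lines:
        m = WPM_RE.match(line.strip())
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
    return edges


def build_tree(wpm_edges):
    """Map child pid -> parent pid. In this report the only process writing into a
    freshly created process is its creator, so the first writer is taken as the parent."""
    parent = {}
    for writer, target in wpm_edges:
        parent.setdefault(target, writer)
    return parent


def rundll32_ordinal(cmd):
    """Return N when a rundll32 command line ends in '<dll>,#N', otherwise None."""
    m = ORDINAL_RE.search(cmd)
    return int(m.group(1)) if m else None


def analyze(processes, wpm_lines):
    """Flag ordinal-export rundll32 launches and system32 -> SysWOW64 rundll32 relaunches."""
    procs = {pid: (img.lower(), cmd) for pid, img, cmd in processes}
    edges = parse_wpm(wpm_lines)
    parent = build_tree(edges)

    ordinal_launches = {}
    for pid, (img, cmd) in procs.items():
        if img.endswith("\\rundll32.exe"):
            n = rundll32_ordinal(cmd)
            if n is not None:
                ordinal_launches[pid] = n

    # 64-bit rundll32 handed a 32-bit DLL re-executes the SysWOW64 copy with the same arguments.
    wow64_relaunches = []
    for child, ppid in parent.items():
        if child not in procs or ppid not in procs:
            continue
        pimg, pcmd = procs[ppid]
        cimg, ccmd = procs[child]
        if (pimg == r"c:\windows\system32\rundll32.exe"
                and cimg == r"c:\windows\syswow64\rundll32.exe"
                and pcmd == ccmd):
            wow64_relaunches.append((ppid, child))

    # Collapse repeated events so "3 IoCs" is seen as one parent->child edge hit three times.
    wpm_counts = {}
    for e in edges:
        wpm_counts[e] = wpm_counts.get(e, 0) + 1

    return {
        "ordinal_launches": ordinal_launches,
        "wow64_relaunches": wow64_relaunches,
        "wpm_counts": wpm_counts,
    }


if __name__ == "__main__":
    for key, value in analyze(PROCESSES, WPM_LINES).items():
        print(key, value)
```

On this report the three memory-write events collapse to a single 4508 -> 1768 edge, both rundll32 instances are ordinal-1 launches of the same DLL, and the pair is reported as a WoW64 relaunch; a tree where the SysWOW64 child ran a different command line, or where a non-rundll32 process wrote into the child, would not be collapsed this way and would deserve a closer look.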
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 19KB
  MD5: e2bb1dd461a2b5e8ace9c86c118e9147
  SHA1: 7f029413187855e2c22bd6939af3f70d6fee7275
  SHA256: bfa86b15c54837397c4c14afa9feffe6db2df9bc1db9a0ed9ed326a08f72cb4c
  SHA512: 7551628562dcf7805933b49fb904c4d5466e80bde0b7b33ed011b5b6c09ca92d7d980fe72b477ab21dfeed6003e666d4ce354ca55581ff201ccaa71087219c79
File 2
  Filesize: 9KB
  MD5: 97754195c5201114a68431c1a590ef16
  SHA1: 7cf47c5062dfaa20b6b0341a046a5aad03146271
  SHA256: 334c1f325430e6e551a6b714658c70a3d56137a3da54b72c8592185cecabf594
  SHA512: f12349181f0ef9e6cecbb524c51cdaa4fd23638458e49fabd6d115acc5d1e12b19e45c049ceb1189048c7774c8da0a18823448494fcba5ab852046ef40b36d54