Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11/05/2024, 06:58
Behavioral task: behavioral1
Sample: 335203f4e85883466c868837b251bf1b_JaffaCakes118.dll
Resource: win7-20240508-en
1 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 335203f4e85883466c868837b251bf1b_JaffaCakes118.dll
Resource: win10v2004-20240508-en
1 signatures, 150 seconds
General
Target: 335203f4e85883466c868837b251bf1b_JaffaCakes118.dll
Size: 2.7MB
MD5: 335203f4e85883466c868837b251bf1b
SHA1: 1f729506f2d42dddb90a3ffb3143e4f0cf878709
SHA256: a220c2972f36b1d9e455e7c95c999de48dea9dddc236640a4e63ffc02829c014
SHA512: 3f4f3caa25ab8f74779eafdb7aca26d6406658982e2b1d9aba51dc10272ae575d9b978f382a2938d4370634e34a74f7c91a1d46a817f9d3e00785adf144daca3
SSDEEP: 49152:OFul+t0etHVZC7mGYUY8E+Y9mOPAI1rlHTseHw1b2Ga++vYPjtB97Q61zF+xH1:Z+C7Tg+UNYSwEq+vYPjtBlm
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
PID 2040 wrote to memory of 1228  2040  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\335203f4e85883466c868837b251bf1b_JaffaCakes118.dll,#1
  PID: 2040
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\335203f4e85883466c868837b251bf1b_JaffaCakes118.dll,#1
    PID: 1228