Analysis
max time kernel: 92s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/05/2024, 06:58
Behavioral task: behavioral1
Sample: 335203f4e85883466c868837b251bf1b_JaffaCakes118.dll
Resource: win7-20240508-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 335203f4e85883466c868837b251bf1b_JaffaCakes118.dll
Resource: win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 335203f4e85883466c868837b251bf1b_JaffaCakes118.dll
Size: 2.7MB
MD5: 335203f4e85883466c868837b251bf1b
SHA1: 1f729506f2d42dddb90a3ffb3143e4f0cf878709
SHA256: a220c2972f36b1d9e455e7c95c999de48dea9dddc236640a4e63ffc02829c014
SHA512: 3f4f3caa25ab8f74779eafdb7aca26d6406658982e2b1d9aba51dc10272ae575d9b978f382a2938d4370634e34a74f7c91a1d46a817f9d3e00785adf144daca3
SSDEEP: 49152:OFul+t0etHVZC7mGYUY8E+Y9mOPAI1rlHTseHw1b2Ga++vYPjtB97Q61zF+xH1:Z+C7Tg+UNYSwEq+vYPjtBlm
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process       procid_target
PID 3856 wrote to memory of 1088   3856  rundll32.exe  82
PID 3856 wrote to memory of 1088   3856  rundll32.exe  82
PID 3856 wrote to memory of 1088   3856  rundll32.exe  82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\335203f4e85883466c868837b251bf1b_JaffaCakes118.dll,#1
  PID: 3856
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\335203f4e85883466c868837b251bf1b_JaffaCakes118.dll,#1
    PID: 1088