Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/06/2024, 23:26
Static task: static1
Behavioral task: behavioral1
  Sample: 0128619fcb67b0d2bd53d27c06bbcf38_JaffaCakes118.dll
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0128619fcb67b0d2bd53d27c06bbcf38_JaffaCakes118.dll
  Resource: win10v2004-20240508-en
General
Target: 0128619fcb67b0d2bd53d27c06bbcf38_JaffaCakes118.dll
Size: 22KB
MD5: 0128619fcb67b0d2bd53d27c06bbcf38
SHA1: 49670fd3c13abe2a98f721301edd36630ac99832
SHA256: 6ee9b7bd04f108eb171a779286d18d0dbdaa0932ce3fb9f88e5ef4980d7742e3
SHA512: 6bd295568ee68d2ebd7851978385113fa1cc9ccd0d6a3ed81b1e535be6d551b4fc68b35a9543af8f3713b69ec3e045a219e7f9c1e0fec3bd05f226eb5fc50007
SSDEEP: 384:utTBBH5QQQuFl4v9MT/ViKonUoCF3gtI0+XQngTd6+bjKUc:6eQQslcCFGIJAgkCjKU
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  860 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3116 wrote to memory of 860 | 3116 | rundll32.exe | 81
  PID 3116 wrote to memory of 860 | 3116 | rundll32.exe | 81
  PID 3116 wrote to memory of 860 | 3116 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0128619fcb67b0d2bd53d27c06bbcf38_JaffaCakes118.dll,#11
  Signature: Suspicious use of WriteProcessMemory
  PID: 3116
C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0128619fcb67b0d2bd53d27c06bbcf38_JaffaCakes118.dll,#12
  Signature: Suspicious use of SetWindowsHookEx
  PID: 860