Analysis
max time kernel: 147s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/06/2024, 18:18
Static task: static1

Behavioral task: behavioral1
Sample: 0894189694f6df92d4808cebcaad8a7b_JaffaCakes118.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 0894189694f6df92d4808cebcaad8a7b_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 0894189694f6df92d4808cebcaad8a7b_JaffaCakes118.dll
Size: 21KB
MD5: 0894189694f6df92d4808cebcaad8a7b
SHA1: 964655d5bc94dd53ab9c0781754ea0385c69b410
SHA256: b450b755594ee012b2f02ae02af181d68f3481896fb8a865335f655a67845dda
SHA512: 37b0583f8179b39a06c58838d4bbb691e0c524fd5229d15d390d779d94101ea10ebd61d6482e02a3d354a8230ad86cf74e103ee97e1d01644fcc3fa926041297
SSDEEP: 384:kMRdCy/MqlWL6mQe+Qmdd7FspGyPbqoq4VMrAzdbJ:vCy0qls6mQhT/mpRfVlp
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid    Process        procid_target
PID 4372 wrote to memory of 3020     4372   rundll32.exe   82
PID 4372 wrote to memory of 3020     4372   rundll32.exe   82
PID 4372 wrote to memory of 3020     4372   rundll32.exe   82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0894189694f6df92d4808cebcaad8a7b_JaffaCakes118.dll,#1
  PID: 4372
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0894189694f6df92d4808cebcaad8a7b_JaffaCakes118.dll,#1
    PID: 3020