Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 23/06/2024, 23:59
Behavioral task: behavioral1
- Sample: 04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
General
- Target: 04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll
- Size: 926KB
- MD5: 04d078af8ee5de79a10a0984fbb6bd44
- SHA1: 0c9c5997b2eb2f3c31fb962e3798856497cd5784
- SHA256: 97bac92eb6d3087380526e8e16ba057647846bbc09c77fc4871c471262a7d2f1
- SHA512: aaf571c97117064f127aecf023e523ab44f452c4471321482e1e8b5eb11dd9024c3591bcb6b0a682b3bd6775b36f64bee9343109791cd61e2a51d50a60077564
- SSDEEP: 12288:3pk80wLits23jV72PuGJ24nc7JkDkLU0JQGGWjgfkCA1VwLNr7tMn2MweI5s3TE/:t4knBc1kCVDq5ftHaTDxNKb4msO
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (3 IoCs)
    pid   Process
    2132  rundll32.exe
    2132  rundll32.exe
    2132  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
    description                       pid   Process       procid_target
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
    PID 1700 wrote to memory of 2132  1700  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll,#1
  PID: 1700
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll,#1
    PID: 2132
    - Suspicious use of SetWindowsHookEx