Analysis
max time kernel: 141s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/06/2024, 23:59
Behavioral task: behavioral1
Sample: 04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll
Resource: win10v2004-20240611-en
General
Target: 04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll
Size: 926KB
MD5: 04d078af8ee5de79a10a0984fbb6bd44
SHA1: 0c9c5997b2eb2f3c31fb962e3798856497cd5784
SHA256: 97bac92eb6d3087380526e8e16ba057647846bbc09c77fc4871c471262a7d2f1
SHA512: aaf571c97117064f127aecf023e523ab44f452c4471321482e1e8b5eb11dd9024c3591bcb6b0a682b3bd6775b36f64bee9343109791cd61e2a51d50a60077564
SSDEEP: 12288:3pk80wLits23jV72PuGJ24nc7JkDkLU0JQGGWjgfkCA1VwLNr7tMn2MweI5s3TE/:t4knBc1kCVDq5ftHaTDxNKb4msO
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (3 IoCs)
pid     Process
1312    rundll32.exe
1312    rundll32.exe
1312    rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                             pid     Process         procid_target
PID 4856 wrote to memory of 1312        4856    rundll32.exe    83
PID 4856 wrote to memory of 1312        4856    rundll32.exe    83
PID 4856 wrote to memory of 1312        4856    rundll32.exe    83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID: 4856
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04d078af8ee5de79a10a0984fbb6bd44_JaffaCakes118.dll,#1
    - Suspicious use of SetWindowsHookEx
    PID: 1312