Analysis
- max time kernel: 122s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 23/06/2024, 23:57
Behavioral task: behavioral1
- Sample: 04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
- Resource: win7-20240221-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 1 signatures
- 150 seconds
General
- Target: 04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
- Size: 630KB
- MD5: 04c70f6fa75f06b875c6c6f029e2b97f
- SHA1: 6bcc857d7d1a7bdecee871a58f66a163d9eeba86
- SHA256: c0c80b1a0ca0e292b2793151c8455f3b0ce219a4917a2ce31f8d71e0232cb3d5
- SHA512: 8990c86ec392a29d859c14e2cf6f1b6e353632035da43301854220f690d628197efa093649a54765db4e9918d6533f8cfe7742f692b3a992a8f6b912407cc92e
- SSDEEP: 12288:MD48aMMsKS9BAXjhkTMyWt4w/ui5WCLjNBNl:MUSMsL72qMS1EWajX
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                            pid   Process       procid_target
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
  PID 2128 wrote to memory of 2104       2128  regsvr32.exe  28
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
  - Suspicious use of WriteProcessMemory
  PID: 2128
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
    PID: 2104