Analysis
max time kernel: 140s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/06/2024, 23:57
Behavioral task: behavioral1
Sample: 04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
Resource: win10v2004-20240611-en
1 signatures
150 seconds
General
Target: 04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
Size: 630KB
MD5: 04c70f6fa75f06b875c6c6f029e2b97f
SHA1: 6bcc857d7d1a7bdecee871a58f66a163d9eeba86
SHA256: c0c80b1a0ca0e292b2793151c8455f3b0ce219a4917a2ce31f8d71e0232cb3d5
SHA512: 8990c86ec392a29d859c14e2cf6f1b6e353632035da43301854220f690d628197efa093649a54765db4e9918d6533f8cfe7742f692b3a992a8f6b912407cc92e
SSDEEP: 12288:MD48aMMsKS9BAXjhkTMyWt4w/ui5WCLjNBNl:MUSMsL72qMS1EWajX
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1928 wrote to memory of 848 | 1928 | regsvr32.exe | 83
PID 1928 wrote to memory of 848 | 1928 | regsvr32.exe | 83
PID 1928 wrote to memory of 848 | 1928 | regsvr32.exe | 83
Processes
C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
  PID: 1928
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\04c70f6fa75f06b875c6c6f029e2b97f_JaffaCakes118.dll
    PID: 848