Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 24/06/2024, 00:41
Behavioral task: behavioral1
Sample: 05c76acf90cdbc004562f54312e2cdbb_JaffaCakes118.dll
Resource: win7-20240508-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 05c76acf90cdbc004562f54312e2cdbb_JaffaCakes118.dll
Resource: win10v2004-20240611-en
2 signatures
150 seconds
General
Target: 05c76acf90cdbc004562f54312e2cdbb_JaffaCakes118.dll
Size: 805KB
MD5: 05c76acf90cdbc004562f54312e2cdbb
SHA1: af97da4c6a6f35436f7b8f4cd91e7c00a8855719
SHA256: d99e3db612f3b9453268cb04f5ecba9b832ce12e9a0190fb76d7bbb65ed737e6
SHA512: c02181bde6ee8c0f86cb79663e8c2463f306d754133921bfba47189e9a792f3c19ee812b989d721fbaf862aecce10d36bb41c9b83fb194ad515ea5afb0f19bb7
SSDEEP: 24576:ezuymKnZJuq2cKsA1Eya+ZxMjVYFj0m5SbdkWR:BympsA1EyY7m5adv
Score: 1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx 3 IoCs
pid   Process
1708  rundll32.exe
1708  rundll32.exe
1708  rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
description                       pid   Process       procid_target
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
PID 1932 wrote to memory of 1708  1932  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05c76acf90cdbc004562f54312e2cdbb_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1932
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\05c76acf90cdbc004562f54312e2cdbb_JaffaCakes118.dll,#1
    - Suspicious use of SetWindowsHookEx
    PID: 1708