Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 24/06/2024, 00:08
Behavioral task: behavioral1
Sample: 04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll
Resource: win7-20240508-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll
Resource: win10v2004-20240611-en
2 signatures, 150 seconds
General
Target: 04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll
Size: 507KB
MD5: 04ff6761665bb68db85737f0eeee46c5
SHA1: 682c8f2b9b9bff943517140a896395384f7ac16f
SHA256: d070a0af31e1572448d8389386aae244107413ed31610dac214da84356d74947
SHA512: e3329700bca84e589f3c41e44a1e9762f2058cbd3b412f71cecd2702cd8a89e68db8ba4c13165e548740ad183eace588d4b277d8629550397d246617128a74e4
SSDEEP: 12288:K/1l8VG5YwOn24RmFPv52n1UtKV4IW1aAzgQjI1OWaGVU:K/1F+K48FPh210KyAAzgQU1U
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid     pid_target  Process       procid_target
2872    2124        WerFault.exe  28

Suspicious use of WriteProcessMemory (11 IoCs)
description                        pid     Process       procid_target
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2040 wrote to memory of 2124   2040    rundll32.exe  28
PID 2124 wrote to memory of 2872   2124    rundll32.exe  29
PID 2124 wrote to memory of 2872   2124    rundll32.exe  29
PID 2124 wrote to memory of 2872   2124    rundll32.exe  29
PID 2124 wrote to memory of 2872   2124    rundll32.exe  29
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll,#1
- Suspicious use of WriteProcessMemory
PID: 2040

    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 2124

        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 268
        - Program crash
        PID: 2872