Analysis
- max time kernel: 140s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/06/2024, 00:08
Behavioral task: behavioral1
- Sample: 04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll
- Resource: win7-20240508-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 2 signatures
- 150 seconds
General
- Target: 04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll
- Size: 507KB
- MD5: 04ff6761665bb68db85737f0eeee46c5
- SHA1: 682c8f2b9b9bff943517140a896395384f7ac16f
- SHA256: d070a0af31e1572448d8389386aae244107413ed31610dac214da84356d74947
- SHA512: e3329700bca84e589f3c41e44a1e9762f2058cbd3b412f71cecd2702cd8a89e68db8ba4c13165e548740ad183eace588d4b277d8629550397d246617128a74e4
- SSDEEP: 12288:K/1l8VG5YwOn24RmFPv52n1UtKV4IW1aAzgQjI1OWaGVU:K/1F+K48FPh210KyAAzgQU1U

Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 1748, pid_target: 3432, Process: WerFault.exe, procid_target: 83
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1728 wrote to memory of 3432, pid: 1728, Process: rundll32.exe, procid_target: 83
  description: PID 1728 wrote to memory of 3432, pid: 1728, Process: rundll32.exe, procid_target: 83
  description: PID 1728 wrote to memory of 3432, pid: 1728, Process: rundll32.exe, procid_target: 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll,#1
  PID: 1728 (Suspicious use of WriteProcessMemory)
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ff6761665bb68db85737f0eeee46c5_JaffaCakes118.dll,#1
    PID: 3432
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 648
      PID: 1748 (Program crash)
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3432 -ip 3432
  PID: 3296