Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 24/06/2024, 00:14
Behavioral task: behavioral1
- Sample: 053b72a01004f2fd49db001d78112213_JaffaCakes118.dll
- Resource: win7-20240221-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 053b72a01004f2fd49db001d78112213_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 1 signatures
- 150 seconds
General
- Target: 053b72a01004f2fd49db001d78112213_JaffaCakes118.dll
- Size: 275KB
- MD5: 053b72a01004f2fd49db001d78112213
- SHA1: 41968cb5aa28fb3bdec1a562269064778342dda7
- SHA256: cb04301132868a6a63930325802123913fd820fdbeced196ee6ee933248c5810
- SHA512: 1a18a20261e7e50e56663fcda4f0c98f9c402ec6c109862141ce801cfa7cb1cc5ae38e7efb9187ab677c36b223d6e34472ec3752075cdd8819f76336023f0fa2
- SSDEEP: 6144:DWjCjFiXuXSVSEYmnFNXepK8lTaZQl22X9sbJ0rl:DsCjsX5VSEpnF5ev5Cu9x
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
PID 1888 wrote to memory of 2196 | 1888 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\053b72a01004f2fd49db001d78112213_JaffaCakes118.dll,#1
  PID: 1888
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\053b72a01004f2fd49db001d78112213_JaffaCakes118.dll,#1
    PID: 2196