Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/06/2024, 00:14
Behavioral task: behavioral1
- Sample: 053b72a01004f2fd49db001d78112213_JaffaCakes118.dll
- Resource: win7-20240221-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 053b72a01004f2fd49db001d78112213_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
- 1 signatures
- 150 seconds
General
- Target: 053b72a01004f2fd49db001d78112213_JaffaCakes118.dll
- Size: 275KB
- MD5: 053b72a01004f2fd49db001d78112213
- SHA1: 41968cb5aa28fb3bdec1a562269064778342dda7
- SHA256: cb04301132868a6a63930325802123913fd820fdbeced196ee6ee933248c5810
- SHA512: 1a18a20261e7e50e56663fcda4f0c98f9c402ec6c109862141ce801cfa7cb1cc5ae38e7efb9187ab677c36b223d6e34472ec3752075cdd8819f76336023f0fa2
- SSDEEP: 6144:DWjCjFiXuXSVSEYmnFNXepK8lTaZQl22X9sbJ0rl:DsCjsX5VSEpnF5ev5Cu9x
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4536 wrote to memory of 3716 | 4536 | rundll32.exe | 83 |
| PID 4536 wrote to memory of 3716 | 4536 | rundll32.exe | 83 |
| PID 4536 wrote to memory of 3716 | 4536 | rundll32.exe | 83 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\053b72a01004f2fd49db001d78112213_JaffaCakes118.dll,#1
  PID: 4536
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\053b72a01004f2fd49db001d78112213_JaffaCakes118.dll,#1
    PID: 3716