Analysis
- max time kernel: 137s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/06/2024, 14:32
Static task
- static1

Behavioral task
- behavioral1
  Sample: 091406a43e1d543fae91cc5592a1e6cc_JaffaCakes118.dll
  Resource: win7-20240220-en

Behavioral task
- behavioral2
  Sample: 091406a43e1d543fae91cc5592a1e6cc_JaffaCakes118.dll
  Resource: win10v2004-20240611-en
General
- Target: 091406a43e1d543fae91cc5592a1e6cc_JaffaCakes118.dll
- Size: 72KB
- MD5: 091406a43e1d543fae91cc5592a1e6cc
- SHA1: b7a34022d13ac6186f0f8cbefaf13410bff95070
- SHA256: 4831c9ef81fec067355314111273ade515533aa293fddd238a05f116f50820ff
- SHA512: eeb0850c9cf2da9872474cdb6b858d85502ebc364c351372cd0024125bbbcf78ac50fefad8571ac6c7dffd521b2b45f20129241e13ce6276c7590623429d9490
- SSDEEP: 768:YajMjUaqo/LqPTaeBaP8/RFbrP8j8YDNBMcsgSEy/E5bu9c8lfrq5zS0O:Ya6Joa78fri8GTMAH98dC
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Columns: description; pid; Process; procid_target
  - PID 2796 wrote to memory of 3808; 2796; rundll32.exe; 83
  - PID 2796 wrote to memory of 3808; 2796; rundll32.exe; 83
  - PID 2796 wrote to memory of 3808; 2796; rundll32.exe; 83
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\091406a43e1d543fae91cc5592a1e6cc_JaffaCakes118.dll,#1
  PID: 2796
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\091406a43e1d543fae91cc5592a1e6cc_JaffaCakes118.dll,#1
    PID: 3808