Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/06/2024, 01:40
Behavioral task: behavioral1
Sample: 0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118.dll
Resource: win7-20240508-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118.dll
Resource: win10v2004-20240508-en
2 signatures, 150 seconds
General
Target: 0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118.dll
Size: 104KB
MD5: 0bda40b3d1fa46c7d4eafbca65d506aa
SHA1: 23287c4f31d5733ed44e9890316201475e4bd108
SHA256: 1e67ada3cbcfe02f64c40311f54b8c2693d76d79e49347285c705625c83b3a26
SHA512: 1b3925369f4d7152a1bccb64584318890288c56d97b3fa5f6e6abcc67cdd45f5abb80a00103746db3347339f8f53fa4ca6214b5048b7bcab63fb3169847087a2
SSDEEP: 3072:1y5u7eZQWWTggxD+kjhR+RIXvmhyypVwMdi2igEL8Im43qkP:N7Q32gRkl7e8eVwMdjy4Im43qkP
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid     Process
4116    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid     Process         procid_target
PID 5088 wrote to memory of 4116    5088    rundll32.exe    81
PID 5088 wrote to memory of 4116    5088    rundll32.exe    81
PID 5088 wrote to memory of 4116    5088    rundll32.exe    81
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 5088
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bda40b3d1fa46c7d4eafbca65d506aa_JaffaCakes118.dll,#1
    - Suspicious behavior: EnumeratesProcesses
    PID: 4116