Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 27/06/2024, 07:05
Static task: static1
Behavioral task: behavioral1
- Sample: 151656041e149cf305c302669628c54b_JaffaCakes118.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 151656041e149cf305c302669628c54b_JaffaCakes118.dll
- Resource: win10v2004-20240611-en
General
- Target: 151656041e149cf305c302669628c54b_JaffaCakes118.dll
- Size: 13KB
- MD5: 151656041e149cf305c302669628c54b
- SHA1: e9e4a9e32de6526c549d947205602e0f73ed751a
- SHA256: 0805bde89dba756a46ea9aa1c30deebb59a11ba467700bd08f839f5e2ba62427
- SHA512: fe819561a892c750566dd079618be2be4e2f912c95d760234204382a33a8518f29b1eaace2568501184f5b4cb96ae6024ea55e48227e4a132088f71d02c4a235
- SSDEEP: 192:tA5ldKFhEC+/keFVGlga6JiP6DV7QOO/jamfg3zW87Q/12NNJICjv+kgUw9A:tAde+seFVqqxQOUW40y87Qt2vJDr
Malware Config
Signatures
- Suspicious behavior: LoadsDriver (1 IoCs)
  pid | Process
  480 | Process not Found
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
  PID 2172 wrote to memory of 2348 | 2172 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\151656041e149cf305c302669628c54b_JaffaCakes118.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\151656041e149cf305c302669628c54b_JaffaCakes118.dll,#12⤵
  PID:2348