Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
125s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 05:17
General
-
Target
18e955e2665d827b42715e1cbe6395be_JaffaCakes118.dll
-
Size
95KB
-
MD5
18e955e2665d827b42715e1cbe6395be
-
SHA1
f50a6e34200a1fea1d57781fd1a7561839e00dc1
-
SHA256
c470790fbfc3aff04fecf15de769f4da017ea6ea8a7a32fded73897ce61f9b18
-
SHA512
c1e76b53e6c16fdf444d23ed5c0d02e9c54990377d8ce51151cd2a1dddd6898f9006c4e6c9608d2bea4fb7b761a8a82d7e4f52dd6e8311f711e9c3c6c7cf646e
-
SSDEEP
1536:LmSQNbJE1vj8gDxkOjwU9p0mX0mt3Q0i15fJRCx0MTuHaX83/w:LmFty1L8gDyOT9GmX0mt8lJRUu6X84
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\18e955e2665d827b42715e1cbe6395be_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\18e955e2665d827b42715e1cbe6395be_JaffaCakes118.dll,#12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4400,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB