Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 28/06/2024, 06:12
Static task: static1
Behavioral task: behavioral1
Sample: 1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll
Resource: win10v2004-20240611-en
General
Target: 1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll
Size: 367KB
MD5: 1911858bcd60ebc41d69a1858a9ec4df
SHA1: 9f1b1766ec3a17190c9470f3058e5c545f6a6807
SHA256: fa42acab904647cec080153e4d77a8880c243d84de82344426f75c44997efecc
SHA512: 4887f094c394da50688303d729b9b551398759e9bee51f2af33a43a3922bb27260ff25b19ded3c7bbe974c73746d1bcace9cacad12744325668054198180b3ed
SSDEEP: 6144:75YOb2ONqSVJlhvwUFe8oSFr/Y8RtlXne/PSOdqT1mOrx5OaVVqz:75YBOflfFewfRtG3DQvLbqz
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
PID 2072 wrote to memory of 1948 | 2072 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2072
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll,#12
PID: 1948