Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/06/2024, 07:12
Static task: static1

Behavioral task: behavioral1
- Sample: 193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll
- Resource: win10v2004-20240508-en
General
- Target: 193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll
- Size: 68KB
- MD5: 193e10928586cd4a0df91d49455227a4
- SHA1: 68a141d8f93d5fd816235ef7e3439c1046aceb47
- SHA256: 6ad8d7ce01dc8b4811a71ec380f45c4474dd95870785c8cdacce29824a978ded
- SHA512: b66010412292ade67918e2bd9d6d81f0207e6691f435b57f5b50eed0de4230041549fe4dacbd0d05047d289393de505f6db9cdbc2b57ffa00a055cfddafbf150
- SSDEEP: 768:jcOi31Bei7UPljckCEN3zMxPQiITUumZqQpgxkD6KTTybPr06SNnDsnx9Yt/DCTF:p9N3IOThknTTybPr06gnD3CX9o4M2z
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1624 wrote to memory of 3912 | 1624 | rundll32.exe | 80
  PID 1624 wrote to memory of 3912 | 1624 | rundll32.exe | 80
  PID 1624 wrote to memory of 3912 | 1624 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1624
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll,#1
    PID: 3912