Analysis
- max time kernel: 122s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28/06/2024, 08:22
Static task: static1
Behavioral task: behavioral1
- Sample: 19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll
- Resource: win10v2004-20240508-en
General
- Target: 19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll
- Size: 29KB
- MD5: 19708d2f9ba60a82d2d2b6d2cc8bd4ab
- SHA1: 052f9035bfbea449bc89829807b42c9895d4fd42
- SHA256: 0faabb3fd3b02625bd5f7090ae9f01e9f5f1f5494e5d2d30644d5d353ccf15a4
- SHA512: 2f95c2fe96ffa16536d866a5f6bf87991fbbadd67d99015a0302652366c56f728929bc0301dba3ab1150659e77803e9ceb1913e99e7a919e08406fd3d4f780a1
- SSDEEP: 384:VmFZVcHcvTIh1gmG37nM9/WI8FjKfypzvRzx2OA2kh21YkhqLnh2lct58:sFZVTbO1gmUMp69XpzvRFLYOqLnr58
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 908 | 1244 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1244
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll,#12
    PID: 908