Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 03:38
Static task: static1
Behavioral task: behavioral1
Sample: 20f4b84936309f30e8547b1244928d67_JaffaCakes118.dll
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 20f4b84936309f30e8547b1244928d67_JaffaCakes118.dll
Resource: win10v2004-20240611-en
General
Target: 20f4b84936309f30e8547b1244928d67_JaffaCakes118.dll
Size: 96KB
MD5: 20f4b84936309f30e8547b1244928d67
SHA1: 53dfe2cd3d90b1dadf5c9fd4da2a64daadbc7c2c
SHA256: ef97616aa5d0f448dc204e2a18ef058a8e8f668b910f6af3ac154f987ff775ec
SHA512: cb5330c323b8455ec30a5744c14728686a7a56fd8d992ae4925cad391e63b378b246a59e67d0ce5e8f4ab9ef4f9aa0da26ebca30f5bf80d79ffe788fcfd9dbc8
SSDEEP: 1536:kiPXgpa5bDkDOFta3RluUqKuD1QP0tymhUapIUkRJlJNRKLryU3cInjq4EoIvSZR:1gW3y3RF81QPUhUapVsJfNsyU39nWsh7
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
PID 2240 wrote to memory of 2244 | 2240 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f4b84936309f30e8547b1244928d67_JaffaCakes118.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2240
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f4b84936309f30e8547b1244928d67_JaffaCakes118.dll,#12
PID: 2244