Analysis
max time kernel: 41s
max time network: 49s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2024, 04:39
Static task: static1
Behavioral task: behavioral1
Sample: 211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll
Size: 29KB
MD5: 211a3bce3505876583e9ac3d598dec96
SHA1: 249a1ae7ee5fcf00b47cd754490c3c0109088990
SHA256: 9ceec53586ee0703f8c4c439d90d0ae67d7890b162822ec8290d2c7053b14fc4
SHA512: 772c98a9e6099713504919e89567267e72cbdca4fde9c335f2fbf13971d2ec3b3a1e05c0b5c1d2d487512b5b28cfdfe505c185cf8e3e4b4a67bb2b849b2abf06
SSDEEP: 768:DJtimFhFfqkLHHB9gMUVddNXxBGfURjENixCy9dJD14r2Unwhs:DNhNqIng3RBAUhIiFj1wBwh
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
3868 | 1944 | WerFault.exe | 80

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4524 wrote to memory of 1944 | 4524 | rundll32.exe | 80
PID 4524 wrote to memory of 1944 | 4524 | rundll32.exe | 80
PID 4524 wrote to memory of 1944 | 4524 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe (PID 4524)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1944)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\211a3bce3505876583e9ac3d598dec96_JaffaCakes118.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 3868)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 544
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 4308)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1944 -ip 1944