Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 05:57

General

  • Target

    214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll

  • Size

    89KB

  • MD5

    214df244be678dd085bc8176e12b32ce

  • SHA1

    b099842299e92322a075795de1ff92064763b274

  • SHA256

    c68a575ff56c8d95ec9695e7a2c1d587068ca0d70bcfe5d608d47349dd398f38

  • SHA512

    7d43c3493ca643788875b1419a7127aaf233b33b04f53c9ddf9ee4eb4ab59043ce10a780b97f3432e9e9aa21a349d0a551c0b116107a945d3f5dc293308b5cd5

  • SSDEEP

    1536:FZNdGyq9tKr3sXHdlwhwdraXkzoQQ/aPn6QEmCPKAaiYemo8o9T4y:VcyqjKr3stl1Fa8Sn/KAuo8G4y

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2244-0-0x000000005F050000-0x000000005F051000-memory.dmp

    Filesize

    4KB

  • memory/2244-1-0x000000005F080000-0x000000005F081000-memory.dmp

    Filesize

    4KB

  • memory/2244-2-0x000000005F090000-0x000000005F091000-memory.dmp

    Filesize

    4KB