Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 05:57
Static task: static1
Behavioral task: behavioral1
  Sample: 214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll
  Resource: win10v2004-20240508-en
General
Target: 214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll
Size: 89KB
MD5: 214df244be678dd085bc8176e12b32ce
SHA1: b099842299e92322a075795de1ff92064763b274
SHA256: c68a575ff56c8d95ec9695e7a2c1d587068ca0d70bcfe5d608d47349dd398f38
SHA512: 7d43c3493ca643788875b1419a7127aaf233b33b04f53c9ddf9ee4eb4ab59043ce10a780b97f3432e9e9aa21a349d0a551c0b116107a945d3f5dc293308b5cd5
SSDEEP: 1536:FZNdGyq9tKr3sXHdlwhwdraXkzoQQ/aPn6QEmCPKAaiYemo8o9T4y:VcyqjKr3stl1Fa8Sn/KAuo8G4y
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
2244  rundll32.exe
(the same entry is recorded 10 times)

Suspicious use of AdjustPrivilegeToken 18 IoCs
description                             pid   Process
Token: SeIncreaseQuotaPrivilege         2244  rundll32.exe
Token: SeSecurityPrivilege              2244  rundll32.exe
Token: SeTakeOwnershipPrivilege         2244  rundll32.exe
Token: SeLoadDriverPrivilege            2244  rundll32.exe
Token: SeSystemProfilePrivilege         2244  rundll32.exe
Token: SeSystemtimePrivilege            2244  rundll32.exe
Token: SeProfSingleProcessPrivilege     2244  rundll32.exe
Token: SeIncBasePriorityPrivilege       2244  rundll32.exe
Token: SeCreatePagefilePrivilege        2244  rundll32.exe
Token: SeShutdownPrivilege              2244  rundll32.exe
Token: SeDebugPrivilege                 2244  rundll32.exe
Token: SeSystemEnvironmentPrivilege     2244  rundll32.exe
Token: SeRemoteShutdownPrivilege        2244  rundll32.exe
Token: SeUndockPrivilege                2244  rundll32.exe
Token: SeManageVolumePrivilege          2244  rundll32.exe
Token: 33                               2244  rundll32.exe
Token: 34                               2244  rundll32.exe
Token: 35                               2244  rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs
description                        pid   Process       procid_target
PID 2468 wrote to memory of 2244   2468  rundll32.exe  28
(the same entry is recorded 7 times)
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   PID: 2468

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 2468)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\214df244be678dd085bc8176e12b32ce_JaffaCakes118.dll,#1
      Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
      PID: 2244