Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 14:44
Static task: static1
  2 signatures
Behavioral task: behavioral1
  Sample: 22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll
  Resource: win7-20240508-en
  1 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: 22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll
  Resource: win10v2004-20240611-en
  1 signatures
  150 seconds
General
Target: 22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll
Size: 13KB
MD5: 22b8cba2388c73b2ba80f469724f593a
SHA1: 8ff206612bce5fc4d5bcd4774ee7217a829c7f13
SHA256: 6cf3b52c50f4cd9b9f85cc8dfd1ab8c18d6540cc22feb50c0a0d615876bf39d2
SHA512: a90c4e216af2c0067ab4d03dc0a10fb17cb9381e46213bf0c62a04fdf616d617e533b72bc0ad7dd99d48bf4bba112834542f8af4e2ae626adf3cdf560af9a061
SSDEEP: 192:lf1hUS1nawe9EPjvpm7pVUTQjg5+uHfq5yxthlhC:lf1ixwl9meh+P8A
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
PID 2172 wrote to memory of 2356 | 2172 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll,#11
  PID: 2172
  Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll,#12
  PID: 2356