Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 04/07/2024, 05:13
Static task: static1
Behavioral task: behavioral1
- Sample: 24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll
- Resource: win10v2004-20240508-en
General
- Target: 24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll
- Size: 15KB
- MD5: 24bfb454660fce07d37e74739d6c83f4
- SHA1: 9428e18e7f20e06608cee035acd39297505c5f80
- SHA256: 60b3c52de870133f3f94afcb47063077fbff6f0dcd5c0fa6eb46169a484a5e29
- SHA512: cfb8dc98ae0c2537d56ec14bd4c52cdaa1ca3e6525605a7e5d59ce521b75c1ffdb3c608ee10ac1b05d4b8c0ef554fcae83cc391b2c1f403f4c73169139f79079
- SSDEEP: 96:h8SaYq+JAgnKxY5XABafs5dRSFvMK/zUOf06GWBgh//vDS3WL4OQ63YqvQ:huYnK+57fs0eK/wLhYgM3hn6oS
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2208 | 1932 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1932
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\24bfb454660fce07d37e74739d6c83f4_JaffaCakes118.dll,#1
    PID: 2208