Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
06/07/2024, 11:15 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
285a17f3ce539962cab473641e99df57_JaffaCakes118.dll
Resource
win7-20240704-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
285a17f3ce539962cab473641e99df57_JaffaCakes118.dll
Resource
win10v2004-20240704-en
1 signatures
150 seconds
General
-
Target
285a17f3ce539962cab473641e99df57_JaffaCakes118.dll
-
Size
52KB
-
MD5
285a17f3ce539962cab473641e99df57
-
SHA1
0653ea17f12b1deb6fee5df7dda1f777e99f98a9
-
SHA256
4dcfa8a7d09ece10531db1161fdf671098b1ca397db47f0bc23c5f3dbbe6d998
-
SHA512
36374c09e6a3bb5c5b68760c372f1fb012855d281a34df67c76eec2ac3bfbd831fc1a52258dcc01ca6b458057e46e49f137df7d4cd0bddb5e4c91278b11be677
-
SSDEEP
1536:gtVp+GyKxPZP2mSPfO60uLi2KedZOtLLh4M:gP9tJwmdyZOtLLh
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2732 wrote to memory of 2736 2732 rundll32.exe 30 PID 2732 wrote to memory of 2736 2732 rundll32.exe 30 PID 2732 wrote to memory of 2736 2732 rundll32.exe 30 PID 2732 wrote to memory of 2736 2732 rundll32.exe 30 PID 2732 wrote to memory of 2736 2732 rundll32.exe 30 PID 2732 wrote to memory of 2736 2732 rundll32.exe 30 PID 2732 wrote to memory of 2736 2732 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\285a17f3ce539962cab473641e99df57_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2732 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\285a17f3ce539962cab473641e99df57_JaffaCakes118.dll,#12⤵PID:2736
-