Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 06/07/2024, 18:57
Static task
- static1

Behavioral task
- behavioral1
  Sample: 2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll
  Resource: win10v2004-20240704-en
General
- Target: 2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll
- Size: 204KB
- MD5: 2944b8061882161ae4dc0ff46f0629cd
- SHA1: 0b4d7c41279cfb5f03d0fd4556a5697c3e0e1d63
- SHA256: a877f294d3d2bad81974d43ff2d647b700a37909eb04f5a9f02fcf7cb9531709
- SHA512: e6ea2ba38d15fc61b862e527f5d7426acf7e3c842bff47298d97258a25df73a0ae905a7b194f745944a6daa13fba386d28170d8bce1ab9b3c215a740bbbc7981
- SSDEEP: 3072:X2KfCxH7CWdU1dyDIwebgvX3xJO5bWzgMKdMI9ScclRQvm/0qHkcO5Vn6V4/8L4g:wGWnf3PWM9M8L45sq4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid   Process       procid_target
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
  PID 1936 wrote to memory of 1040   1936  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll,#1
  PID: 1936
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child of PID 1936)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll,#1
    PID: 1040