Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 06/07/2024, 20:58
Behavioral task: behavioral1
Sample: 29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll
Resource: win7-20240704-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll
Resource: win10v2004-20240704-en
1 signatures
150 seconds
General
Target: 29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll
Size: 89KB
MD5: 29546d0ae43486678f7125abe55b1510
SHA1: fa0cd58ea5db11628435e67d8b49e6ca136244e0
SHA256: b3a2f48d7ce82ec4addadb1b0abfb15d965c559388681be7bdd0b322003f2a15
SHA512: e06aea4f55142a53132eacd416a06dbab50f88c5053b5739e643fc28d2736f2069db5c397144cd43dc3adaeac7ba1ff543a74e6a24a7c7f6c0ddcce898445cd9
SSDEEP: 1536:8OlQomzjvq2hfSNxTNLzuMd0BDFnToIfaJ7iaK:8ECCPNL5d0BDtTBfw7ia
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                         pid    Process         procid_target
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
  PID 2416 wrote to memory of 3064    2416   rundll32.exe    30
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll,#12
  PID: 3064