Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

29befbc6c8...18.dll

windows7-x64

7

29befbc6c8...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/07/2024, 04:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29befbc6c8f7f6405dbeb5b3641ecda1_JaffaCakes118.dll

  • Size

    204KB

  • MD5

    29befbc6c8f7f6405dbeb5b3641ecda1

  • SHA1

    126d09b5f0ce20e8641d962c4cd2d317cd7f3559

  • SHA256

    15b140103e0ae309e971e6cbf60cc369a4d04e504009bbb4f64f8a5b8291b70f

  • SHA512

    3ccf021cb95651a203a087c2f789134aa73eb429d6a28ed193952033748e4f31ee390146d1df682fa8226c4c6c75a9ddc0bf4f7911e79363bfa989f13237a684

  • SSDEEP

    3072:6Fr/n5sE+9oWcexATaggljmeIK3BpeIFciV3jU4nEvlTaPxpg0Vi8KGLYoLW:AEoWcoSIKIFc0N4kEc1ny

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\29befbc6c8f7f6405dbeb5b3641ecda1_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\29befbc6c8f7f6405dbeb5b3641ecda1_JaffaCakes118.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:404
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:4124
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 248
          4⤵
          • Program crash
          PID:452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 608
        3⤵
        • Program crash
        PID:3124
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4124 -ip 4124
    1⤵
      PID:4996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 404 -ip 404
      1⤵
        PID:2636

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        103KB

        MD5

        39ba7f790512d1af40cc864189175cb7

        SHA1

        da5f35bed908b1a0d08b7639d76cf2d711789e29

        SHA256

        b7bf5c2afcbb6f664966c7b2cd72ac8cc26f95199ff49a490550858e83a91e75

        SHA512

        0b59b197cf1123bacd7badb5b359ec17c45d99e297893a28b5130a724d6ba12465f361d7872ab3ebc527ae317735c1182d3d71bcd53b4773dbca3cd82ea1d76e

        Download Submit

      • memory/404-3-0x000000006D350000-0x000000006D385000-memory.dmp

        Filesize

        212KB

        Download

      • memory/4124-5-0x0000000000400000-0x0000000000454000-memory.dmp

        Filesize

        336KB

        Download

      • memory/4124-6-0x0000000000570000-0x0000000000571000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4124-8-0x0000000000400000-0x0000000000454000-memory.dmp

        Filesize

        336KB

        Download