Analysis
max time kernel: 94s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240708-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240708-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/07/2024, 21:50
Static task: static1
Behavioral task: behavioral1
  Sample: 2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll
  Resource: win10v2004-20240708-en
General
Target: 2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll
Size: 8.0MB
MD5: 2dee6c848fe4eaa626c704c042a1bb06
SHA1: c1e523d19575602aef3fe400f878d9dd26d7c968
SHA256: 326f7b186b6561cedf3c8d9b85d54bd4712d231610ae344c21b1ab54593123ca
SHA512: 9cf5c799a9f1892e74a388750112549034e789504f88e561fb8d251ebb22b0f0e969981c48ed6d6819a44dd9ebefb882079e1a7c6b32d9e1bc7135e7d86ee289
SSDEEP: 196608:59RC/4uCpLYMIn36QSvacJkI5WvqHXF06lGGtz1pCE1UdPqCp/:5TQCpLynqQ+Zr1xlHXD1Utqa/
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2880 wrote to memory of 1012 | 2880 | rundll32.exe | 80
  PID 2880 wrote to memory of 1012 | 2880 | rundll32.exe | 80
  PID 2880 wrote to memory of 1012 | 2880 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 2880
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll,#12
  PID: 1012