Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/07/2024, 20:54

General

  • Target

    2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll

  • Size

    33KB

  • MD5

    2dc3859f407240ba0488e7b8fa82c90e

  • SHA1

    825712142367660405771584232538c1c88680d4

  • SHA256

    81494272257ca0d4f2de88c9c353cf100ab6cfef58c2da49f320fb56911b75e4

  • SHA512

    820b8e4fc0d04b0a1f7eb363eb6920dd5586d49b7289d3e82402530fb8a7f863445fc901423cf349e77a5a4ebdfec96cd14610a307e4f87977a0e9bf9782f5fb

  • SSDEEP

    384:pI4xxXNWM07WEnX4kDGDykI9K3xL9pL7ysp8DDzdy3u37upF+L6DdQRkkyk0RRa1:ZjEZwy1+Pv1pWDhy67uTlDdQWtMY4M2

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC): WerFault.exe (PID 3600) handling the faulting SysWOW64 rundll32.exe (PID 2856)
  • Suspicious use of WriteProcessMemory (3 IoCs): system32\rundll32.exe (PID 3656)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#1
      2⤵
      PID:2856
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 580
        3⤵
        • Program crash
        PID:3600
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2856 -ip 2856
    1⤵
    PID:5084
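The process tree above is the whole finding in this report: the 64-bit rundll32.exe (PID 3656) spawns a SysWOW64 rundll32.exe (PID 2856) with the identical DLL,#1 argument, and that child is then picked up by WerFault.exe. The following script is an added example written for this page, not tria.ge's own tooling; it re-derives those conclusions from the tree. It assumes two Windows behaviours: that a 64-bit rundll32 handed a 32-bit DLL re-launches the SysWOW64 copy of itself with the same arguments (so the re-launch implies a 32-bit DLL), and that WerFault.exe names the faulting process with -p <pid> in both its -u and -pss invocations. The process records are constructed from the PIDs and command lines shown above, with parent links inferred from the tree depth; nothing else is taken from the sandbox.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]  # None for a root of the tree (1⤵ in the report)
    image: str
    cmdline: str


# Constructed records transcribed from the process tree in the report above.
# Parent links follow the tree depth shown (2⤵ is a child of the preceding 1⤵, etc.).
DLL_CMD = (r"rundll32.exe C:\Users\Admin\AppData\Local\Temp"
           r"\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#1")
PROCS = [
    Proc(3656, None, r"C:\Windows\system32\rundll32.exe", DLL_CMD),
    Proc(2856, 3656, r"C:\Windows\SysWOW64\rundll32.exe", DLL_CMD),
    Proc(3600, 2856, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 580"),
    Proc(5084, None, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2856 -ip 2856"),
]

# rundll32 takes "<dll>,<entry>" where entry is an export name or "#<ordinal>".
# Unquoted DLL paths containing spaces are deliberately not handled here.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+),(?P<entry>\S+)", re.I)
# Assumption: WerFault identifies the faulting process as "-p <pid>" in both
# the "-u -p <pid> -s <event>" and the "-pss -s <n> -p <pid> -ip <pid>" forms.
WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")


def rundll32_target(cmdline: str):
    """Return (dll_path, entry) for a rundll32 command line, or None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def is_werfault(p: Proc) -> bool:
    return p.image.lower().endswith(r"\werfault.exe")


def crashed_pids(procs):
    """PIDs that WerFault was launched for, i.e. the processes that faulted."""
    pids = set()
    for p in procs:
        if is_werfault(p):
            m = WERFAULT_PID_RE.search(p.cmdline)
            if m:
                pids.add(int(m.group(1)))
    return sorted(pids)


def is_wow64_relaunch(child: Proc, parent: Proc) -> bool:
    """Assumption: 64-bit rundll32 given a 32-bit DLL re-executes
    SysWOW64\\rundll32.exe with the same "<dll>,<entry>" argument."""
    tgt = rundll32_target(child.cmdline)
    return (tgt is not None
            and parent.image.lower().endswith(r"\system32\rundll32.exe")
            and child.image.lower().endswith(r"\syswow64\rundll32.exe")
            and tgt == rundll32_target(parent.cmdline))


def triage(procs):
    """Summarise what the tree says about the DLL and its loader."""
    by_pid = {p.pid: p for p in procs}
    result = {"dll": None, "entry": None, "loader_pids": [],
              "wow64_relaunch": False, "dll_bitness": "unknown",
              "crashed_pids": crashed_pids(procs), "loader_crashed": False}
    for p in procs:
        tgt = rundll32_target(p.cmdline)
        if tgt is None:
            continue
        result["dll"], result["entry"] = tgt
        result["loader_pids"].append(p.pid)
        parent = by_pid.get(p.ppid)
        if parent is not None and is_wow64_relaunch(p, parent):
            result["wow64_relaunch"] = True
            result["dll_bitness"] = "32-bit"  # only inferable when the relaunch occurred
    result["loader_crashed"] = any(pid in result["crashed_pids"]
                                   for pid in result["loader_pids"])
    return result


if __name__ == "__main__":
    for key, value in triage(PROCS).items():
        print(f"{key}: {value}")
```

For this tree the summary reports a 32-bit DLL invoked by ordinal #1 whose loader (PID 2856) crashed; with no network section and a 3/10 score, that is consistent with the DLL never getting past its entry point in this environment rather than with any observed payload behaviour. The WriteProcessMemory hits on PID 3656 are what the 64-bit rundll32 does while creating the WoW64 child, so they should not be read as injection on their own.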

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2856-0-0x0000000010000000-0x0000000010010000-memory.dmp
    Filesize
    64KB (region 0x10000000-0x10010000 of PID 2856, the SysWOW64 rundll32.exe)