Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
08/07/2024, 20:54
Static task
static1
Behavioral task
behavioral1
Sample
2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll
Resource
win10v2004-20240704-en
General
-
Target
2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll
-
Size
33KB
-
MD5
2dc3859f407240ba0488e7b8fa82c90e
-
SHA1
825712142367660405771584232538c1c88680d4
-
SHA256
81494272257ca0d4f2de88c9c353cf100ab6cfef58c2da49f320fb56911b75e4
-
SHA512
820b8e4fc0d04b0a1f7eb363eb6920dd5586d49b7289d3e82402530fb8a7f863445fc901423cf349e77a5a4ebdfec96cd14610a307e4f87977a0e9bf9782f5fb
-
SSDEEP
384:pI4xxXNWM07WEnX4kDGDykI9K3xL9pL7ysp8DDzdy3u37upF+L6DdQRkkyk0RRa1:ZjEZwy1+Pv1pWDhy67uTlDdQWtMY4M2
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3600 2856 WerFault.exe 82 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3656 wrote to memory of 2856 3656 rundll32.exe 82 PID 3656 wrote to memory of 2856 3656 rundll32.exe 82 PID 3656 wrote to memory of 2856 3656 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3656 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc3859f407240ba0488e7b8fa82c90e_JaffaCakes118.dll,#12⤵PID:2856
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 5803⤵
- Program crash
PID:3600
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2856 -ip 28561⤵PID:5084