Analysis
max time kernel: 16s
max time network: 18s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 09/07/2024, 00:04
Static task: static1
Behavioral task: behavioral1
Sample: 2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll
Resource: win10v2004-20240704-en
General
Target: 2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll
Size: 40KB
MD5: 2e4ed03c228fa12890f9843d2f9b3e17
SHA1: cc2fcea5fe2345133257bc45505bedca3a751d02
SHA256: 12962aef4503375ca63a4f324910a97f063e35125206461d92aa3038013b5eb0
SHA512: f6ce7065e5aa705f69d4bd4ebeb8201d1f837a8db5accd12c0534195505f797923bfc44e57be75549a73c6897b1c9da68baeec52c37db33d1c11f575006b3c06
SSDEEP: 768:Ax8RDiAPBZEQvJf7eAO7wTEpSoX+hP6fWBoREfT4T/ZQ:AxUDJvJfKn7wTuluhKaoRiT4Ta
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
PID 2840 wrote to memory of 2336 | 2840 | rundll32.exe | 29
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory
   PID:2840
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll,#1
   PID:2336