Analysis
max time kernel: 95s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/07/2024, 11:25
Static task: static1
Behavioral task: behavioral1
Sample: 302d906be79804797ebbee25de0c2770_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 302d906be79804797ebbee25de0c2770_JaffaCakes118.dll
Resource: win10v2004-20240704-en
General
Target: 302d906be79804797ebbee25de0c2770_JaffaCakes118.dll
Size: 30KB
MD5: 302d906be79804797ebbee25de0c2770
SHA1: 5d0fd46e3898e96f281f8cf198049a5fda758b43
SHA256: 2fb71c4ea9b07c1c8366b30f1d2b6d9d490a692e9bffee64f3b15403d776bed4
SHA512: 8b8f207b5cff757ca649cf0fd8f62715d8775495dad4f0d706ecb9583e817f7dce077a05e00cd65b13db825ad7a106bf5bf682176c95cc29c1005a351931d3fd
SSDEEP: 384:gZXNHnCIrZNZS6+6F3eJSvdP+lgIGv4nb3ncp8lcXjoAuBBQARQkgRVwiW:gFlnCsSV6p/C46lcMXBBQARQkgRVw
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   Process        procid_target
PID 620 wrote to memory of 4688      620   rundll32.exe   82
PID 620 wrote to memory of 4688      620   rundll32.exe   82
PID 620 wrote to memory of 4688      620   rundll32.exe   82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\302d906be79804797ebbee25de0c2770_JaffaCakes118.dll,#11⤵
  PID: 620
  - Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\302d906be79804797ebbee25de0c2770_JaffaCakes118.dll,#12⤵
  PID: 4688