Analysis
- max time kernel: 94s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/07/2024, 18:38
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: Sample 318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll, Resource win7-20240705-en, 1 signatures, 150 seconds
Behavioral task
- behavioral2: Sample 318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll, Resource win10v2004-20240709-en, 2 signatures, 150 seconds
General
- Target: 318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll
- Size: 73KB
- MD5: 318448cd3fd73c7baa79cbbaace76d51
- SHA1: 137a6dbe59091598d1717fcd708287c9009c3773
- SHA256: 2abe19a300da3edf5a61c8e30064e78d3f06cc5ad897eedbf7c4685386734128
- SHA512: d18d7b8041b05f67580b960658d4b9f17318a36b0f6d2b1b89326e1d889492c0c2ed516bedf41e8481e56d5bcf491dfded6e16915d312b1f496aa162ac0af26f
- SSDEEP: 1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  - pid: 756, pid_target: 1668, Process: WerFault.exe, procid_target: 81
- Suspicious use of WriteProcessMemory (3 IoCs)
  - description: PID 2856 wrote to memory of 1668, pid: 2856, Process: rundll32.exe, procid_target: 81
  - description: PID 2856 wrote to memory of 1668, pid: 2856, Process: rundll32.exe, procid_target: 81
  - description: PID 2856 wrote to memory of 1668, pid: 2856, Process: rundll32.exe, procid_target: 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll,#1
  PID: 2856
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll,#1
    PID: 1668
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 600
      PID: 756
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1668 -ip 1668
  PID: 1752