Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/07/2024, 10:50
Static task: static1
Behavioral task: behavioral1
  Sample: 346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
Target: 346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll
Size: 11KB
MD5: 346a6d8ab2e9edd9cb7d70f531184d81
SHA1: c6aa992a78077e6b4d7d3e365a694e94d4976152
SHA256: bd94b586c6a98c1f634c1689bc6e7b99d363c4a4c9267795bb7c09ae8c1c74e5
SHA512: 7407663ff517897335a2b5e4b301398a89d785cfea9d4f38e8a847d84b488621ea408b325dc9e2cd30cc909b6c29b0fc8ba825e96b485a2cb70545155324cc6d
SSDEEP: 192:mj0xI9g4GOuBS65AnKectx7VGF3gorjjCKEj2xWbtVMjc3C3qNE6HCU2VdFK/NRw:mj04GOuBAn7ctpm3gsjjCZtA4CaNHHUt
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  4952  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                    pid   Process       procid_target
  PID 2268 wrote to memory of 4952  2268  rundll32.exe  83
  PID 2268 wrote to memory of 4952  2268  rundll32.exe  83
  PID 2268 wrote to memory of 4952  2268  rundll32.exe  83
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   PID: 2268
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a6d8ab2e9edd9cb7d70f531184d81_JaffaCakes118.dll,#1
      Signatures: Suspicious use of AdjustPrivilegeToken
      PID: 4952