Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 10/07/2024, 20:53
Static task
- static1
  1 signatures

Behavioral task
- behavioral1
  Sample: 3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll
  Resource: win7-20240705-en
  1 signatures
  150 seconds

Behavioral task
- behavioral2
  Sample: 3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
  1 signatures
  150 seconds
General
- Target: 3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll
- Size: 19KB
- MD5: 3656552a7b9adfe0f82b3b43f0aff0ef
- SHA1: 4201bf3657dff7dce2791c4b756eb261e21b6358
- SHA256: 76ef606785a6587002906c512bb77f351c188f30029e9b6de31aac2230494519
- SHA512: 8c948058bc0992fd1574707e91267c098325396553bc75753d9bbff87130ec4eb944ba16fcd6f5eef4a3d5116ae647b993fbec03201aabe4477b8d0ff4ddca62
- SSDEEP: 384:q+l+Or0w7Fn9Kj+RgeGcmrMpHAfAHOoBnULd4:rl+/y9rmcmMAfFgAd

Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description | pid | Process | procid_target
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
  PID 1724 wrote to memory of 2340 | 1724 | rundll32.exe | 30
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll,#1
  PID: 1724
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3656552a7b9adfe0f82b3b43f0aff0ef_JaffaCakes118.dll,#1
    PID: 2340