Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
11/07/2024, 00:14
General
-
Target
36f857084badb877038fca24a059a705_JaffaCakes118.dll
-
Size
18KB
-
MD5
36f857084badb877038fca24a059a705
-
SHA1
8b946734f7954265160caefda3c0330a8fa9e3c8
-
SHA256
2e8644302a0fb24e0a2721a3fa7548e0cfce2c5d6fac918440733a457b977176
-
SHA512
e74aa0e35885924f66cad8c495c119a1c20b0b0e3529e7ec6c70ab789783480a8c2c87ea4b245b20e66320abb6c709235a5835209e94b5782b7eb32c171ca7a6
-
SSDEEP
384:nI+pajRhnvTYueJdof47qOjQ8gU2/TpDAN7/hk:HOnbYuIyqjSU6TpDg/
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\36f857084badb877038fca24a059a705_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\36f857084badb877038fca24a059a705_JaffaCakes118.dll,#12⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 2243⤵
- Program crash
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
60KB