Analysis
max time kernel: 94s
max time network: 99s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/07/2024, 04:45
Static task: static1
Behavioral task: behavioral1
  Sample: 37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
Target: 37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll
Size: 39KB
MD5: 37be99e2b197a3171bd773ad2700aca0
SHA1: edb0d4d915f6b0366d7eb429e995b4b1df8ffd57
SHA256: 56998cd02bb2b94880be36bd24f9c4c93a0ce7082313d9902da71c2ac92dd82b
SHA512: ad4ab9baac70627057f68ff0518dcc1bb49bf38d6230c94035ffc839a76ec9a3d65aae381609889d0bfc56ef3a2a3a7d6a9f88ec935192454650b504f8ec4680
SSDEEP: 768:he3NBanuU3dfLcjqVAYrDaK6/SA3GKIDVdYmrnfQsUU5F:h0NBanuUNT7eK6/P6nIsf3
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3360 wrote to memory of 4304 | 3360 | rundll32.exe | 83
PID 3360 wrote to memory of 4304 | 3360 | rundll32.exe | 83
PID 3360 wrote to memory of 4304 | 3360 | rundll32.exe | 83
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll,#1
   PID: 3360
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll,#1
      PID: 4304