Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 11/07/2024, 10:17
Static task: static1
Behavioral task: behavioral1
  Sample: 38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
Target: 38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll
Size: 155KB
MD5: 38b68790bb25bb424b805ffed610ee9c
SHA1: bed4b19f11c8b46d3098cf63b5159eac7b3ce428
SHA256: c8e613ecd7b4783ea535f669d173a0306ba35b20de0f93e65015995feba43b6b
SHA512: f86d549f12580641c8888cc05f1355ce6b305299864cc865dbd066b4649299ca9cb396471a2027e1a2bc9e9725adc8fdb2882b02e8536f88c67e9eaba892b838
SSDEEP: 3072:QG2nb11GVTOeP5xh+ppanECyJRPjE/AYNHjE+ceo7Tho6nXZ:QTn/GVbP5xcppnPQndjEl9ThTp
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
PID 2164 wrote to memory of 2664   2164   rundll32.exe   30
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll,#1
   PID: 2164
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll,#1
   PID: 2664