Analysis
- max time kernel: 95s
- max time network: 96s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/07/2024, 11:13
Static task
- static1
- 1 signatures
Behavioral task
- behavioral1
- Sample: 38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll
- Resource: win7-20240708-en
- 1 signatures
- 150 seconds
Behavioral task
- behavioral2
- Sample: 38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
- 1 signatures
- 150 seconds
General
- Target: 38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll
- Size: 34KB
- MD5: 38e116395c0c7f2d871d6d4bf2c82159
- SHA1: e1d55142340dd97a2bea39de7d1785b5b37830fe
- SHA256: 988448014eda58d8b87cbec4324c9e552ecb6eb2a565b8ec6d6d3e7eb354af1d
- SHA512: a8aa20b7e1b82270d1bb5ba8ad26d536ee4f920b3a80fe30946f1687652333a1134b650f1572a104d58720f4879f58ed1967449013b79dae77e020283d26ebcd
- SSDEEP: 768:tlOTjhcY4591BlnONd7hFyDhChw59FR6lloy:tlOTL45jy7hF4M6XFR6lyy
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process      | procid_target
  PID 4844 wrote to memory of 2360 | 4844 | rundll32.exe | 83
  PID 4844 wrote to memory of 2360 | 4844 | rundll32.exe | 83
  PID 4844 wrote to memory of 2360 | 4844 | rundll32.exe | 83
Processes
- [1] C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4844
  - [2] C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll,#1
    PID: 2360