Analysis
max time kernel: 94s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/07/2024, 03:15
Static task: static1
Behavioral task: behavioral1
  Sample: 3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
Target: 3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll
Size: 36KB
MD5: 3bcc7c4faa9f2412036744d659933acb
SHA1: 8ff9a4e54d7901d513f83168c44dc7333809ea97
SHA256: 9eb1e318f2196b677a8ee35ece4ca775452e5391fab276dcdfbc7111e299998d
SHA512: 6267dcb3b46b72bbf773ad1436d2d6a3b955f845f1dba7b4a6829f3eba1d29018c466affbf72f063f07cbf4700ebc6f25df3f8c2a0f498b7ee08732ddb19dfbd
SSDEEP: 768:fhZaoi8p1m+LEQLT6Ua1KDoFKbdwAlJcMTx8HiI1:fhZe8pLja1K35HJcbHb
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 2512 wrote to memory of 4952   2512   rundll32.exe   83
PID 2512 wrote to memory of 4952   2512   rundll32.exe   83
PID 2512 wrote to memory of 4952   2512   rundll32.exe   83
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll,#1
  PID: 2512
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll,#1
    PID: 4952