Analysis
max time kernel: 92s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/07/2024, 04:08 UTC
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll
Resource: win7-20240705-en
1 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll
Resource: win10v2004-20240709-en
2 signatures, 150 seconds
General
Target: 3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll
Size: 96KB
MD5: 3bef39d4787d31bc2d198d71421a3909
SHA1: 2debe058c9220341df80efab9f281d8f29153423
SHA256: 0e489fcb91110754fac1bc1f80f9e1091c9983629bdb4348b926ce8e1232ae98
SHA512: a0325b2c171004b71876d9f9daa8e28d8f5e4613bbaafe2874106655aef6bbed8193618389c3cbef6b100e45a0d5d9e6708c93b29242d7867c9a1531de5ed46f
SSDEEP: 3072:W44eYhg3IeJHxkJMH/wWipXKyihFABD4ypnu:b447jxKBD4yRu
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
2512  2636        WerFault.exe  83

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 3364 wrote to memory of 2636  3364  rundll32.exe  83
PID 3364 wrote to memory of 2636  3364  rundll32.exe  83
PID 3364 wrote to memory of 2636  3364  rundll32.exe  83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll,#1
  Suspicious use of WriteProcessMemory
  PID:3364
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll,#1
    PID:2636
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 544
      Program crash
      PID:2512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2636 -ip 2636
  PID:4860
Network
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
Response
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 13.107.21.237
dual-a-0034.a-msedge.net IN A 204.79.197.237

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
Remote address: 13.107.21.237:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3089F20B31496DF83CC5E6B130F26C80; domain=.bing.com; expires=Wed, 06-Aug-2025 04:08:32 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E2598F3DFAF54B2C96850BF7A59B9733 Ref B: LON04EDGE0917 Ref C: 2024-07-12T04:08:32Z
date: Fri, 12 Jul 2024 04:08:31 GMT

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
Remote address: 13.107.21.237:443
Request
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3089F20B31496DF83CC5E6B130F26C80
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=w0YQGQ3LAmHX0G9YMz22vnm3C44BNTYY5e00mA_jvdo; domain=.bing.com; expires=Wed, 06-Aug-2025 04:08:32 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 35D8B33636CB4D71A80172B12F171F90 Ref B: LON04EDGE0917 Ref C: 2024-07-12T04:08:32Z
date: Fri, 12 Jul 2024 04:08:32 GMT

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
Remote address: 13.107.21.237:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3089F20B31496DF83CC5E6B130F26C80; MSPTC=w0YQGQ3LAmHX0G9YMz22vnm3C44BNTYY5e00mA_jvdo
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9475D844C8134BBA90DBF7CE1F101C79 Ref B: LON04EDGE0917 Ref C: 2024-07-12T04:08:32Z
date: Fri, 12 Jul 2024 04:08:32 GMT

Remote address: 8.8.8.8:53
Request
8.8.8.8.in-addr.arpa IN PTR
Response
8.8.8.8.in-addr.arpa IN PTR dns.google

Remote address: 8.8.8.8:53
Request
22.160.190.20.in-addr.arpa IN PTR
Response
(none)

Remote address: 8.8.8.8:53
Request
240.143.123.92.in-addr.arpa IN PTR
Response
240.143.123.92.in-addr.arpa IN PTR a92-123-143-240.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request
237.21.107.13.in-addr.arpa IN PTR
Response
(none)

Remote address: 8.8.8.8:53
Request
26.35.223.20.in-addr.arpa IN PTR
Response
(none)

Remote address: 8.8.8.8:53
Request
86.23.85.13.in-addr.arpa IN PTR
Response
(none)

Remote address: 8.8.8.8:53
Request
206.23.85.13.in-addr.arpa IN PTR
Response
(none)

Remote address: 8.8.8.8:53
Request
240.221.184.93.in-addr.arpa IN PTR
Response
(none)

Remote address: 8.8.8.8:53
Request
172.210.232.199.in-addr.arpa IN PTR
Response
(none)

13.107.21.237:443
https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
tls, http2
2.0kB 9.3kB 21 19
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b94ce1b8aef248028cba8f4e001b5346&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
HTTP Response: 204

56 B 151 B 1 1
DNS Request: g.bing.com
DNS Response: 13.107.21.237, 204.79.197.237

66 B 90 B 1 1
DNS Request: 8.8.8.8.in-addr.arpa

72 B 158 B 1 1
DNS Request: 22.160.190.20.in-addr.arpa

73 B 139 B 1 1
DNS Request: 240.143.123.92.in-addr.arpa

72 B 158 B 1 1
DNS Request: 237.21.107.13.in-addr.arpa

71 B 157 B 1 1
DNS Request: 26.35.223.20.in-addr.arpa

70 B 144 B 1 1
DNS Request: 86.23.85.13.in-addr.arpa

71 B 145 B 1 1
DNS Request: 206.23.85.13.in-addr.arpa

73 B 144 B 1 1
DNS Request: 240.221.184.93.in-addr.arpa

74 B 128 B 1 1
DNS Request: 172.210.232.199.in-addr.arpa