Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
12/07/2024, 12:07
General
-
Target
3d5125ec8636de4cc36aa65992650463_JaffaCakes118.dll
-
Size
10KB
-
MD5
3d5125ec8636de4cc36aa65992650463
-
SHA1
8fcf7d39016480b068b32eb7b7a70fe8ad3bc4ba
-
SHA256
29f1a8203444358dd06af91b024d03d02c5a284f6b8bbac513638af6f93bccd5
-
SHA512
68de83cd1efb141fa409e67fab1f1098c9bb8b6a44345ef0b889ad6e01a67f5ce70ebb5e922e7e4df2202b98acafd01c0472b7329f58e21ad0b19e7cb0be2d3d
-
SSDEEP
192:pOZ/PwYdK7Ld8eUUyviXWJadeZYA/tIdl4Gzkj0Wf/N8kpyMBGXkgUw94:pk/PwYk91HmJade2Aid2Ckjd+kpyMBbX
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3d5125ec8636de4cc36aa65992650463_JaffaCakes118.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3d5125ec8636de4cc36aa65992650463_JaffaCakes118.dll,#13⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB