Analysis
- max time kernel: 15s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 12/07/2024, 14:52
Static task: static1
Behavioral task: behavioral1
- Sample: 3dd30311614dde53918eda740c1db959_JaffaCakes118.dll
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 3dd30311614dde53918eda740c1db959_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 3dd30311614dde53918eda740c1db959_JaffaCakes118.dll
- Size: 118KB
- MD5: 3dd30311614dde53918eda740c1db959
- SHA1: e5c77807e835e07ac9ea746f60bf99508b3b4636
- SHA256: 1b74cc63429dd67f045f290dfd1b4b2fd8299d03345451fac1f676b8e9dccd94
- SHA512: 1e24fa380a50e3c439ef92ecde6291ea77ed87a0251a9ec8e311760298ce6de2d85c91379976ec885b29adb940712cc6d5545e5463671629d9b8029cdd426b85
- SSDEEP: 3072:jHyP5HyZJ4tjPAwGMwNKJqlQ7lya2xk5GZ+tGNkBbUVjK:jHOHgJYPAwGMTql4lVAYjLB4xK
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
  PID 2400 wrote to memory of 2300 | 2400 | rundll32.exe | 29
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd30311614dde53918eda740c1db959_JaffaCakes118.dll,#1
  PID: 2400
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd30311614dde53918eda740c1db959_JaffaCakes118.dll,#1
    PID: 2300