Analysis
- max time kernel: 118s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 12/07/2024, 17:11
Static task: static1
Behavioral task: behavioral1
- Sample: 3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll
- Size: 33KB
- MD5: 3e2f99c1c9841fc718f5138bfcba5382
- SHA1: 5cf2ee691da70a24e74549abce6ae65e668746d1
- SHA256: 96b40d1a765c97458f6d9761d250e0ac4b53bedd1513bf7bc8f4adc81ba01a29
- SHA512: 9ba4fef0d831ec764185fcd4419c8319d1b3fe9a81fd324a463c03c469856893538ddb66c33b76d15bd04e611b3dd411d527000fb7ccf852a85817e0eb0d55b2
- SSDEEP: 384:71s97M849VCFQtlzeSxhpbIVLIlt7Cw9tucSxbpUCYCGg6ACB7DzFfYKgehAmZqd:BjR/Csl1FcVLfiIPWCGeqfFpAmA0nsrV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
  PID 2684 wrote to memory of 2088 | 2684 | rundll32.exe | 30
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll,#1
  PID: 2684
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll,#1
    PID: 2088