Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 13/07/2024, 07:46
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll
  - Resource: win7-20240704-en

Behavioral task
- behavioral2
  - Sample: 40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll
  - Resource: win10v2004-20240709-en
General
- Target: 40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll
- Size: 160KB
- MD5: 40cd5facbbf867fe2ccbbda4f4e9fb79
- SHA1: 5cf98cdab5236d4c07bf953f23b4c74ad55c1505
- SHA256: e64c88022d2830721fd3b25bf4797ce36b8797f4bac065ac126d4fea3fc4bec1
- SHA512: 96629850453c2e18bd97eca8b5159667299022e46c1fabd61f0ad8fa457bbe81d5808ac985e7e2a6251d32a6c3f0c4a4bf0e48bdd3f6bf60bbef1dfceb11b6ba
- SSDEEP: 3072:h+r2VLOM4fEvP/DU1p3uUNy1L/4hMay8bIsDZUCDoM3jgHtlqJNzO6a4KeaH5KR:h6fYjAp3fy1L/4hMay4IHqoUgHtlqbWl
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                      pid   Process        procid_target
  PID 588 wrote to memory of 1636  588   rundll32.exe   30

  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe (PID 588)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1636)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll,#1