Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 07:46

General

  • Target

    40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll

  • Size

    160KB

  • MD5

    40cd5facbbf867fe2ccbbda4f4e9fb79

  • SHA1

    5cf98cdab5236d4c07bf953f23b4c74ad55c1505

  • SHA256

    e64c88022d2830721fd3b25bf4797ce36b8797f4bac065ac126d4fea3fc4bec1

  • SHA512

    96629850453c2e18bd97eca8b5159667299022e46c1fabd61f0ad8fa457bbe81d5808ac985e7e2a6251d32a6c3f0c4a4bf0e48bdd3f6bf60bbef1dfceb11b6ba

  • SSDEEP

    3072:h+r2VLOM4fEvP/DU1p3uUNy1L/4hMay8bIsDZUCDoM3jgHtlqJNzO6a4KeaH5KR:h6fYjAp3fy1L/4hMay4IHqoUgHtlqbWl

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:588
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll,#1
      2⤵
        PID:1636

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1636-2-0x0000000010000000-0x000000001002A000-memory.dmp

      Filesize

      168KB

    • memory/1636-4-0x0000000010029000-0x000000001002A000-memory.dmp

      Filesize

      4KB

    • memory/1636-1-0x0000000010000000-0x000000001002A000-memory.dmp

      Filesize

      168KB

    • memory/1636-0-0x0000000010000000-0x000000001002A000-memory.dmp

      Filesize

      168KB

    • memory/1636-3-0x0000000010000000-0x000000001002A000-memory.dmp

      Filesize

      168KB