Analysis
- max time kernel: 122s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 13/07/2024, 08:35
Static task: static1
Behavioral task: behavioral1
- Sample: 40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll
- Size: 64KB
- MD5: 40f2b60b0c9c56f5312678fbd29d38e9
- SHA1: 5bcfd942a380eb15634607c6f87ec39464b6fc78
- SHA256: 469eae527c618571d18b8bbdd46fcbd2ce2034fec3b6d9265378db2ed87955de
- SHA512: 24d593c200ea8c0a9e7143f4bc8cc5fad18a5b1b48f566ae1e2d5c2f2ffc916bf27c231b831aa4e8d75607916e0bd6bb87a9b1a3d904c3103029750fa086d80a
- SSDEEP: 768:jHLEjXqOcy48wA+LkoqW8lyTxkw9U2p26wbzC5sdxMjiB9UQgwWHiGOs3q3Z:jWaC+Ltq1lyTCM8nzN4los63Z
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid    Process        procid_target
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
  PID 2692 wrote to memory of 2756   2692   rundll32.exe   30
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll,#1
  PID: 2692
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll,#1
    PID: 2756