Analysis

max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 13/07/2024, 13:41
Behavioral task: behavioral1
Sample: 41e8a81a3e0e07872224294c11c3f554_JaffaCakes118.dll
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 41e8a81a3e0e07872224294c11c3f554_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General

Target: 41e8a81a3e0e07872224294c11c3f554_JaffaCakes118.dll
Size: 88KB
MD5: 41e8a81a3e0e07872224294c11c3f554
SHA1: 2fa96105f48b58d8a03898b496d49164942813a3
SHA256: 35fa2cd87d5cdb9a432895855828efa21167781484abcb4ba01b33323a7513bd
SHA512: 09a429215bfe37aa46833c9b4f2b1a7b266512eb95bbda02f49324bf5cfcd053f2b30785f3ae230de282a022bc798fc12c3ed87ff8e5f03c1fb800fd004d9a1e
SSDEEP: 1536:2ztGbVj12ITYh4uBbGU5A2uqQW9L+4PMmucoZqypxput1senUEhU3r3pX1nouy86:q4Vj12I0+QbwWh+qLoZhpxpursenF43p
Malware Config

(none extracted)

Signatures

UPX packed file (yara rule)
resource: behavioral1/memory/1732-0-0x0000000010000000-0x000000001002E000-memory.dmp
yara_rule: upx

Suspicious use of WriteProcessMemory (7 IoCs)
description                    pid  Process       procid_target
PID 804 wrote to memory of 1732  804  rundll32.exe  30
PID 804 wrote to memory of 1732  804  rundll32.exe  30
PID 804 wrote to memory of 1732  804  rundll32.exe  30
PID 804 wrote to memory of 1732  804  rundll32.exe  30
PID 804 wrote to memory of 1732  804  rundll32.exe  30
PID 804 wrote to memory of 1732  804  rundll32.exe  30
PID 804 wrote to memory of 1732  804  rundll32.exe  30
Processes

1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e8a81a3e0e07872224294c11c3f554_JaffaCakes118.dll,#1
   signatures: Suspicious use of WriteProcessMemory
   PID: 804

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 804)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e8a81a3e0e07872224294c11c3f554_JaffaCakes118.dll,#1
      PID: 1732