Analysis
- max time kernel: 32s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/07/2024, 16:25
Behavioral task: behavioral1
- Sample: 42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll
- Resource: win7-20240705-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
- 1 signatures
- 150 seconds
General
- Target: 42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll
- Size: 12.1MB
- MD5: 42731548efd2ec1272c13ff1a37fc1b1
- SHA1: acc7ac4171edcb2704e741b83d181827437b3f8a
- SHA256: ad6f2a51b9efadfe775bf690ca709298ec5cceebb388cd8a896cf279593406fd
- SHA512: 1b9671387a97e54b878b093ab9226672ddb4166fcb4999eb9d03e1bc66ba34d9bfc040d00aa3cebf71d04b15518ea22168d19d3e59502fce6d9cb34782f19d9e
- SSDEEP: 3072:lyPIiqHY3yVhKmq7AF/1ForUIG9OU8WserayuNpPmyN:p53A7ALu1G8mseraPNRmy
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid   Process       procid_target
  PID 4312 wrote to memory of 464      4312  rundll32.exe  81
  PID 4312 wrote to memory of 464      4312  rundll32.exe  81
  PID 4312 wrote to memory of 464      4312  rundll32.exe  81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 4312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll,#12
  PID: 464