Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 14/07/2024, 02:59
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
  - Resource: win7-20240705-en
Behavioral task
- behavioral2
  - Sample: 4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
  - Resource: win10v2004-20240709-en
General
- Target: 4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
- Size: 15KB
- MD5: 4405253a1093d75938c553fef0da773a
- SHA1: 147d1207e14c14c67620dbd9f13e506be430b070
- SHA256: 074617b01841b67f12df1c9d9d7a99d7b70a496b49733ad0f7c41ceb716882c0
- SHA512: 9e7986c3dc2f514ef9d975501e4185223d81a9bdb0af3c7d52c5324249f9a1eb52259dcfb0830019f7532a4c06e79c8359510bed5f846a078e065949dcf94ce7
- SSDEEP: 192:pY99MaNnFnGSx8u/kScd41ZHMQAkecqq3oDj8X520LmNZl9oomqWRUDnkr3NR:2993Iu/kScC19M9q40daN72NPGDnkLX
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |
| PID 2708 wrote to memory of 2176 | 2708 | rundll32.exe | 30 |

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4405253a1093d75938c553fef0da773a_JaffaCakes118.dll,#11
  PID: 2708
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4405253a1093d75938c553fef0da773a_JaffaCakes118.dll,#12
  PID: 2176