Analysis
- max time kernel: 95s
- max time network: 96s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/07/2024, 02:59
Static task
- static1

Behavioral task
- behavioral1
  Sample: 4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
  Resource: win7-20240705-en

Behavioral task
- behavioral2
  Sample: 4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
- Target: 4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
- Size: 15KB
- MD5: 4405253a1093d75938c553fef0da773a
- SHA1: 147d1207e14c14c67620dbd9f13e506be430b070
- SHA256: 074617b01841b67f12df1c9d9d7a99d7b70a496b49733ad0f7c41ceb716882c0
- SHA512: 9e7986c3dc2f514ef9d975501e4185223d81a9bdb0af3c7d52c5324249f9a1eb52259dcfb0830019f7532a4c06e79c8359510bed5f846a078e065949dcf94ce7
- SSDEEP: 192:pY99MaNnFnGSx8u/kScd41ZHMQAkecqq3oDj8X520LmNZl9oomqWRUDnkr3NR:2993Iu/kScC19M9q40daN72NPGDnkLX
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 2612 wrote to memory of 640 | 2612 | rundll32.exe | 83
  PID 2612 wrote to memory of 640 | 2612 | rundll32.exe | 83
  PID 2612 wrote to memory of 640 | 2612 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4405253a1093d75938c553fef0da773a_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2612
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4405253a1093d75938c553fef0da773a_JaffaCakes118.dll,#1
    PID: 640