Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 14/07/2024, 13:25
Static task
static1: 1 signature

Behavioral task
behavioral1
Sample: 4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll
Resource: win7-20240704-en
1 signature, 150 seconds

Behavioral task
behavioral2
Sample: 4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll
Resource: win10v2004-20240709-en
2 signatures, 150 seconds
General
Target: 4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll
Size: 124KB
MD5: 4602512c4903b6c7987ed381564b58e9
SHA1: 0ffebca900aa8862ac1fb3525371d62f9a900a5b
SHA256: 488efaa64fb74e996beb5b1346fc7fda210c7da4b8ba64af8c6632ffec212f5d
SHA512: 98aa3fa6020923a21a0e8e8b35803cc7764a8b3868e133305cc058b077afd3474be44e136ec252e997fc0b100679fadaf3d6a97dcd5383b5f194ce0f78882755
SSDEEP: 3072:ymHbLOuJcW7wYfhI8FkCZOOtr/rrwtoQ4y:N7LBJ/wynFkCR/r0toQ

Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
PID 2380 wrote to memory of 2504   2380  rundll32.exe  30
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll,#1
  PID: 2380
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll,#1
    PID: 2504