Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/07/2024, 18:33
Behavioral task: behavioral1
- Sample: 4704233e50ec71500734c78c2a9216cd_JaffaCakes118.dll
- Resource: win7-20240704-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 4704233e50ec71500734c78c2a9216cd_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
- 2 signatures
- 150 seconds
General
- Target: 4704233e50ec71500734c78c2a9216cd_JaffaCakes118.dll
- Size: 64KB
- MD5: 4704233e50ec71500734c78c2a9216cd
- SHA1: 31b0f7cf9b0726256be0b6def3329735b91818a0
- SHA256: 692eca474c193a969051f1d7d618ecc082d2ec34bce5bf95121d9f044df549a2
- SHA512: 07d6e17e8085d49c45b12991f284a9d2de041ef7cd78d52042de9bd3e1d028ca72eccde5fc4af8a967b6cf9d860517f17b19a6b628d8cbbce4dafc1df062e749
- SSDEEP: 1536:ob8Vwn/T9kWRSZVCxG6WaDGNfYhwt80fuIqTfSTQchK+Fh:oz/TWgSZVCk6WCGHtT3qTfSlDh
Score: 7/10
Malware Config
Signatures
- resource: behavioral2/memory/4476-0-0x0000000010000000-0x000000001000D000-memory.dmp, yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1092 wrote to memory of 4476 | 1092 | rundll32.exe | 83
  PID 1092 wrote to memory of 4476 | 1092 | rundll32.exe | 83
  PID 1092 wrote to memory of 4476 | 1092 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4704233e50ec71500734c78c2a9216cd_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1092
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4704233e50ec71500734c78c2a9216cd_JaffaCakes118.dll,#1
    PID: 4476